
Strange messages and images


Hello, yesterday I went to bed and switched off the computer and had no problems at all. This morning when I turned it on, ESET showed me some message that I apparently had a virus while checking some file; as far as I understood, it was related to svchost.exe.

Separately, I noticed that some of my icons in the taskbar at the bottom and in the Start menu have changed to this look - as if the programs are missing.

The interesting thing is that only Mozilla works normally - all the others show a message that they are not a Valid Win32 application...

Here is a picture: http://prikachi.com/images.php?images/334/7645334a.jpg

What could have happened, and what should I do from here on? Thanks in advance :)


Hello! Follow the steps in the topic My system is infected - What do I do now?


While the scan was running, the following message appeared: http://prikachi.com/images.php?images/368/7645368Z.jpg
I had the same thing this morning with other files, as I said above. I pressed No Action and have temporarily stopped the antivirus. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Nikolai Kolev (administrator) on NIKOLAIKOLEV-PC on 05-10-2014 11:47:11
Running from D:\Nikolai Kolev\Desktop
Loaded Profiles: Nikolai Kolev & UpdatusUser (Available profiles: Nikolai Kolev & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() D:\Games\Garena Plus\ggdllhost.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() D:\Games\Garena Plus\GarenaMessenger.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2583040 2009-09-21] (VIA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [677984 2013-03-28] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [993904 2013-05-11] ()
HKU\S-1-5-21-2595346186-3341984790-3347561993-1000\...\Run: [GarenaPlus] => D:\Games\Garena Plus\GarenaMessenger.exe [9958192 2014-09-18] ()
HKU\S-1-5-21-2595346186-3341984790-3347561993-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.bg/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6014ECD6BAA1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.190.192.247 89.190.192.248

FireFox:
========
FF ProfilePath: C:\Users\Nikolai Kolev\AppData\Roaming\Mozilla\Firefox\Profiles\ddo7gjeb.default-1382363020624
FF Homepage: hxxp://www.dir.bg/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Games\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-08-26]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Презентации) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-13]
CHR Extension: (Google Документи) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-13]
CHR Extension: (Google Диск) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-13]
CHR Extension: (Google Търсене) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-13]
CHR Extension: (ZenMate) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-09-13]
CHR Extension: (Електронни таблици от Google) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-13]
CHR Extension: (Google Wallet) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-13]
CHR Extension: (Gmail) - C:\Users\Nikolai Kolev\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [140472 2013-09-11] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [151976 2014-09-13] () [File not signed]
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [151976 2014-09-13] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5127200 2013-05-27] (INCA Internet Co., Ltd.)
S2 PowerManager; C:\Windows\svchost.exe [36352 2001-08-24] () [File not signed]
S3 RasMan; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 OpenVPNService; "D:\Games\myvpn\OpenVPN\bin\openvpnserv.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcmePro_x64; D:\Games\KO PVP\AcmePro_x64.sys [23744 2014-07-08] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-10-26] (DT Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
U5 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [146928 2010-02-09] (CyberLink Corp.)
S3 GGSAFERDriver; \??\D:\Games\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 11:46 - 2014-10-05 11:47 - 00000000 ____D () C:\FRST
2014-10-04 16:34 - 2014-10-04 16:34 - 00000719 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-10-04 16:34 - 2014-10-04 16:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-10-01 09:36 - 2014-09-25 05:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 09:36 - 2014-09-25 04:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 09:55 - 2014-10-05 11:10 - 00003412 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Nikolai Kolev
2014-09-27 11:14 - 2014-09-27 11:14 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-27 11:14 - 2014-09-27 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-26 18:24 - 2014-09-26 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcane Gaming
2014-09-26 17:57 - 2014-09-26 18:24 - 00000000 __HDC () C:\ProgramData\{D0042780-AE31-4AAC-B0FF-A5EE7C18554E}
2014-09-26 17:56 - 2014-09-26 17:56 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Local\PackageAware
2014-09-25 00:07 - 2014-09-25 00:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 09:53 - 2014-09-10 01:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 09:53 - 2014-09-10 00:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-16 14:38 - 2014-09-16 14:38 - 00000790 _____ () C:\Users\UpdatusUser\Desktop\Counter-Strike 1.6.lnk
2014-09-15 11:24 - 2014-09-15 11:24 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-09-15 11:24 - 2014-09-15 11:24 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-15 11:24 - 2014-09-15 11:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-15 11:24 - 2014-02-17 16:56 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-09-15 11:24 - 2013-01-31 12:25 - 06207776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-09-15 11:24 - 2013-01-31 12:25 - 03300640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-09-15 11:24 - 2013-01-31 12:24 - 02558240 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-09-15 11:24 - 2013-01-31 12:24 - 00878368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-09-15 11:24 - 2013-01-31 12:24 - 00118560 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-09-15 11:24 - 2013-01-31 12:24 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-09-15 11:24 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-15 11:24 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-13 09:22 - 2014-09-13 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-10 10:46 - 2014-08-19 21:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 10:46 - 2014-08-19 20:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 10:46 - 2014-08-19 02:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 10:46 - 2014-08-19 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 10:46 - 2014-08-19 01:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 10:46 - 2014-08-19 01:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 10:46 - 2014-08-19 01:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 10:46 - 2014-08-19 01:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 10:46 - 2014-08-19 01:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 10:46 - 2014-08-19 01:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 10:46 - 2014-08-19 01:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 10:46 - 2014-08-19 01:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 10:46 - 2014-08-19 01:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 10:46 - 2014-08-19 01:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 10:46 - 2014-08-19 01:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 10:46 - 2014-08-19 01:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 10:46 - 2014-08-19 01:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 10:46 - 2014-08-19 01:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 10:46 - 2014-08-19 01:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 10:46 - 2014-08-19 00:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 10:46 - 2014-08-19 00:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 10:46 - 2014-08-19 00:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 10:46 - 2014-08-19 00:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 10:46 - 2014-08-19 00:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 10:46 - 2014-08-19 00:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 10:46 - 2014-08-19 00:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 10:46 - 2014-08-19 00:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 10:46 - 2014-08-19 00:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 10:46 - 2014-08-19 00:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 10:46 - 2014-08-19 00:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 10:46 - 2014-08-19 00:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 10:46 - 2014-08-19 00:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 10:46 - 2014-08-19 00:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 10:46 - 2014-08-19 00:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 10:46 - 2014-08-19 00:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 10:46 - 2014-08-19 00:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 10:46 - 2014-08-19 00:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 10:46 - 2014-08-19 00:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 10:46 - 2014-08-19 00:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 10:46 - 2014-08-19 00:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 10:46 - 2014-08-19 00:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 10:46 - 2014-08-19 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 10:46 - 2014-08-19 00:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 10:46 - 2014-08-19 00:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 10:46 - 2014-08-19 00:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 10:46 - 2014-08-19 00:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 10:46 - 2014-08-19 00:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 10:46 - 2014-08-19 00:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 10:46 - 2014-08-19 00:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 10:46 - 2014-08-19 00:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 10:46 - 2014-08-19 00:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 10:46 - 2014-08-18 23:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 10:46 - 2014-08-18 23:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 10:46 - 2014-08-18 23:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 10:46 - 2014-08-18 23:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 10:46 - 2014-08-18 23:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 10:40 - 2014-06-27 05:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 10:40 - 2014-06-27 04:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 09:29 - 2014-08-01 14:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:29 - 2014-08-01 14:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:28 - 2014-07-07 05:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:28 - 2014-07-07 05:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:28 - 2014-07-07 04:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:28 - 2014-07-07 04:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:28 - 2014-07-07 04:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:28 - 2014-06-24 06:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:28 - 2014-06-24 05:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-07 21:13 - 2014-10-05 11:13 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\GarenaPlus
2014-09-07 21:12 - 2014-10-05 11:13 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-09-07 21:12 - 2014-09-07 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-09-06 23:56 - 2014-09-06 23:56 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2014-09-06 23:56 - 2014-09-06 23:56 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2014-09-06 23:56 - 2014-09-06 23:56 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2014-09-06 23:41 - 2014-09-16 14:38 - 00000790 _____ () C:\Users\Nikolai Kolev\Desktop\Counter-Strike 1.6.lnk
2014-09-06 23:41 - 2014-09-06 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 11:46 - 2009-07-14 07:51 - 01763671 _____ () C:\Windows\setupact.log
2014-10-05 11:27 - 2014-02-03 11:49 - 00001012 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 11:22 - 2013-08-26 19:46 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\Skype
2014-10-05 11:17 - 2013-08-25 21:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 11:16 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-05 11:16 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-05 11:11 - 2013-08-26 19:43 - 00003486 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-05 11:10 - 2014-02-03 11:49 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 11:10 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 11:09 - 2013-08-25 20:23 - 01278095 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 21:25 - 2013-08-26 19:35 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Local\Microsoft Help
2014-09-27 11:14 - 2013-08-26 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-27 11:12 - 2010-11-21 06:47 - 00187670 _____ () C:\Windows\PFRO.log
2014-09-26 18:10 - 2013-08-26 19:27 - 00000000 ____D () C:\ProgramData\Temp
2014-09-25 21:54 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-09-25 10:22 - 2013-08-26 09:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 13:17 - 2013-08-25 21:33 - 00736432 _____ () C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 13:17 - 2013-08-25 21:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 13:17 - 2013-08-25 21:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-16 14:18 - 2009-07-14 06:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-15 11:24 - 2013-11-16 19:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-15 11:24 - 2013-08-25 21:32 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-15 11:24 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help
2014-09-15 09:06 - 2010-11-21 06:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 22:50 - 2009-07-14 08:13 - 00799524 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 00:24 - 2013-08-26 19:44 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Roaming\uTorrent
2014-09-13 09:22 - 2014-02-03 11:49 - 00004008 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-13 09:22 - 2014-02-03 11:49 - 00003756 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-13 09:22 - 2014-02-03 11:49 - 00000000 ____D () C:\Users\Nikolai Kolev\AppData\Local\Google
2014-09-13 09:22 - 2014-02-03 11:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-10 10:45 - 2013-09-17 11:38 - 00783390 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 10:45 - 2013-08-25 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 10:40 - 2013-08-25 21:17 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 01:40

==================== End Of Log ============================

Addition.txt
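The FRST log above is the kind of output a helper reads by eye: the "Services" section lists a service named PowerManager whose binary is C:\Windows\svchost.exe, unsigned, with no vendor and a 2001 timestamp, while the genuine svchost.exe only lives in System32 and SysWOW64 (FRST itself repeats that path under "ATTENTION ====> Check for partition/boot infection"). The following Python script is an added example, not part of FRST or of this thread: it parses the service and driver lines in FRST's format and applies three triage rules of the author's own (core-process name outside System32/SysWOW64, unsigned file with no vendor under C:\Windows, and registered entries whose file is missing, which FRST marks with [X]). The sample lines are copied from the log posted above; the rules are assumptions about what deserves a second look, not FRST's own logic.

```python
"""Triage the Services/Drivers lines of an FRST log for masquerading binaries.

Added example for this thread; the triage rules are the author's own assumptions,
not part of FRST.
"""
import re
from typing import List, NamedTuple, Optional

# Constructed sample input: Services/Drivers lines copied from the FRST.txt above.
SAMPLE_FRST_LINES = r"""
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
S2 PowerManager; C:\Windows\svchost.exe [36352 2001-08-24] () [File not signed]
S3 RasMan; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 RasMan; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 OpenVPNService; "D:\Games\myvpn\OpenVPN\bin\openvpnserv.exe" [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
"""

# Core Windows process names that malware commonly borrows; the genuine binaries
# live only in the directories listed in LEGIT_DIRS.
CORE_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe"}
LEGIT_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


class Entry(NamedTuple):
    state: str          # FRST state code, e.g. R2 (running, auto) or S3 (stopped, manual)
    name: str
    path: str           # normalised: quotes and the \??\ prefix removed, lower-case
    size: Optional[int]
    company: str
    signed: bool
    missing: bool       # FRST marks a registered entry whose file is gone with [X]


class Finding(NamedTuple):
    name: str
    path: str
    severity: str
    reason: str


_LINE_RE = re.compile(r"^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s*(?P<rest>.+)$")
_FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]\s+\((?P<company>[^)]*)\)(?P<flags>.*)$")


def _norm_path(p: str) -> str:
    p = p.strip().strip('"')
    if p.startswith("\\??\\"):      # NT object-manager prefix used for some driver paths
        p = p[4:]
    return p.lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one FRST Services/Drivers line; return None for lines in another format."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith("[X]"):
        return Entry(m["state"], m["name"], _norm_path(rest[:-3]), None, "", False, True)
    f = _FILE_RE.match(rest)
    if not f:
        return None
    return Entry(m["state"], m["name"], _norm_path(f["path"]), int(f["size"]),
                 f["company"].strip(), "[File not signed]" not in f["flags"], False)


def triage(entry: Entry) -> List[Finding]:
    """Apply the three triage rules to a parsed entry (author's assumptions, not FRST's)."""
    findings: List[Finding] = []
    filename = entry.path.rsplit("\\", 1)[-1]
    if entry.missing:
        findings.append(Finding(entry.name, entry.path, "low",
                                "registered entry whose file is missing ([X]): orphan or remnant"))
        return findings
    if filename in CORE_BINARIES and not entry.path.startswith(LEGIT_DIRS):
        findings.append(Finding(entry.name, entry.path, "high",
                                f"{filename} outside System32/SysWOW64: core process name on a different file"))
    if not entry.signed and not entry.company and entry.path.startswith("c:\\windows\\"):
        findings.append(Finding(entry.name, entry.path, "medium",
                                "unsigned file with no vendor information under C:\\Windows"))
    return findings


def triage_log(text: str) -> List[Finding]:
    """Run triage over every parsable line of an FRST log excerpt."""
    out: List[Finding] = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            out.extend(triage(entry))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_FRST_LINES):
        print(f"[{f.severity:6}] {f.name:<16} {f.path}  -- {f.reason}")
```

On the sample above the script reports PowerManager twice (high: svchost.exe outside System32/SysWOW64; medium: unsigned, no vendor, under C:\Windows) and the two [X] entries as low, and stays silent on ekrn and the two genuine RasMan lines. The rules deliberately look only at path, signature and vendor fields, because those are what the log carries; confirming the file itself (hash, signature check, boot-sector scan) is the step the helper's follow-up tools perform.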


Your system is infected... and you are not following my instructions correctly...

Copy the contents of the FRST.txt file into your next post. Attach Addition.txt to your comment (look at the Attach files option when posting a reply).

I don't see the attached file Addition.txt....!!! Please don't let this happen again..!

Scan with ComboFix

Download ComboFix from here and save it to your desktop.
How to use ComboFix
Disable your antivirus and antispyware program; this is usually done by right-clicking the program's icon in the system tray.
Note: If you cannot stop it or are not sure which program to disable, please review the information at this link: How to disable your security applications by amateur
Run Combo-Fix.com and follow the instructions.
When the process completes successfully, the tool will create a log file. Please include the contents of C:\ComboFix.txt in your next comment in this topic.
Please do not attach the log file(s) from the program; copy and paste it/them into your next comment in this topic.


Sorry - indeed, when I published the post I did not attach the file (a habit from email, where clicking Browse and OK attaches it automatically, while here one extra click was needed), but right after that I corrected myself and edited the post, attaching the file.

Now I'm getting on with ComboFix


ComboFix 14-10-04.01 - Nikolai Kolev 10.2014 г.  12:13:12.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.4095.2214 [GMT 3:00]
Running from: d:\nikolai kolev\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerManager
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-05 to 2014-10-05  )))))))))))))))))))))))))))))))
.
.
2014-10-05 08:46 . 2014-10-05 08:48    --------    d-----w-    C:\FRST
2014-10-04 07:22 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{62181BBF-7361-4B0E-8370-4B4FB825A2FA}\mpengine.dll
2014-10-01 06:36 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 06:36 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----r-    c:\program files (x86)\Skype
2014-09-26 14:57 . 2014-09-26 15:24    --------    dc-h--w-    c:\programdata\{D0042780-AE31-4AAC-B0FF-A5EE7C18554E}
2014-09-26 14:56 . 2014-09-26 14:56    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Local\PackageAware
2014-09-24 06:53 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 06:53 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\users\UpdatusUser
2014-09-15 08:24 . 2014-09-16 11:13    --------    d-----w-    c:\programdata\NVIDIA
2014-09-15 08:24 . 2013-01-31 09:25    6207776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-15 08:24 . 2013-01-31 09:25    3300640    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-15 08:24 . 2013-01-31 09:24    878368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-15 08:24 . 2013-01-31 09:24    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-15 08:24 . 2013-01-31 09:24    2558240    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-09-15 08:24 . 2013-01-31 09:24    118560    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-09-10 07:40 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:40 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 06:29 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 06:29 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 06:28 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 06:28 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-10 06:28 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 06:28 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 06:28 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-10 06:28 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-10 06:28 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-07 18:13 . 2014-10-05 08:13    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Roaming\GarenaPlus
2014-09-07 18:12 . 2014-10-05 08:13    --------    d-----w-    c:\programdata\GarenaMessenger
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 10:17 . 2013-08-25 18:33    736432    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 10:17 . 2013-08-25 18:33    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 06:06 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-10 07:40 . 2013-08-25 18:17    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-31 13:10    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-31 13:10    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-31 13:10    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-07-24 23:35 . 2014-07-24 23:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47 . 2014-07-24 20:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 12:14 . 2014-07-22 12:14    137376    ----a-w-    c:\windows\system32\vcomp120.dll
2014-07-14 02:02 . 2014-08-13 06:17    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 06:17    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GarenaPlus"="d:\games\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AcmePro_x64;AcmePro_x64;d:\games\KO PVP\AcmePro_x64.sys;d:\games\KO PVP\AcmePro_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\Garena Plus\Room\safedrv.sys;d:\games\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/08/26 19:28];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:28    1131848    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 10:17]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.190.192.247 89.190.192.248
FF - ProfilePath - c:\users\Nikolai Kolev\AppData\Roaming\Mozilla\Firefox\Profiles\ddo7gjeb.default-1382363020624\
FF - prefs.js: browser.startup.homepage - hxxp://www.dir.bg/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\games\Garena Plus\ggdllhost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-10-05  12:31:40 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-05 09:31
.
Pre-Run: 29 369 843 712 bytes free
Post-Run: 29 208 690 688 bytes free
.
- - End Of File - - C2A2E5819C21F99D9A59AFB04D1BC52F
A36C5E4F47E84449FF07ED3517B43A31

 


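The security-relevant line in the ComboFix log above is the one under "Other Deletions": c:\windows\svchost.exe. Windows installs the real svchost.exe under System32 (and SysWOW64 on x64), never directly in c:\windows, so a file with that name in that directory is a look-alike and is exactly what the "invalid Win32 application" symptoms and the ESET alert on svchost.exe point to. The Python script below is an added example for this thread, not code from the forum, from ComboFix or from ESET: it parses a constructed excerpt in the same format as the log above and flags core Windows binary names that appear outside their expected directories. The EXPECTED_DIRS table is a hand-picked assumption of the example and can be extended.

```python
"""Triage helper for ComboFix log excerpts (added example, not code from the
thread or from ComboFix itself).

It pulls file paths out of the 'Other Deletions' section and out of the
per-file lines of the 'Files Created ...' section, then flags any file whose
name belongs to a core Windows binary but which sits outside the directories
where Windows ships that binary (the c:\\windows\\svchost.exe pattern)."""
import re
from pathlib import PureWindowsPath

# Hand-picked table (an assumption of this example, not from the thread):
# core Windows binaries that malware commonly names itself after, mapped to
# the drive-relative directories where Windows actually installs them.
EXPECTED_DIRS = {
    "svchost.exe": {"windows/system32", "windows/syswow64"},
    "lsass.exe": {"windows/system32"},
    "csrss.exe": {"windows/system32"},
    "explorer.exe": {"windows", "windows/syswow64"},
}

# ComboFix section banners look like "(((((   Other Deletions   )))))".
SECTION_RE = re.compile(r"^\(+\s+(?P<name>.+?)\s+\)+$")

# Constructed excerpt mirroring the lines posted above (not the full log).
SAMPLE_LOG = r"""ComboFix 14-10-04.01 - constructed excerpt
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-05 to 2014-10-05  )))))))))))))))))))))))))))))))
.
.
2014-10-05 08:46 . 2014-10-05 08:48    --------    d-----w-    C:\FRST
2014-09-15 08:24 . 2013-01-31 09:24    878368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-10 06:28 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
"""


def parse_combofix(text):
    """Return {section banner: [file paths]} for the two file-bearing sections."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            sections.setdefault(current, [])
            continue
        if current is None or line in ("", "."):
            continue  # preamble or ComboFix's "." spacer lines
        if current == "Other Deletions":
            sections[current].append(line)  # one bare path per line
        elif current.startswith("Files Created"):
            # created-date time . modified-date time size flags path
            parts = line.split(None, 7)
            if len(parts) == 8 and parts[2] == ".":
                sections[current].append(parts[7])
    return sections


def masquerade_findings(paths):
    """Return (path, binary name, actual directory) for look-alike binaries
    found outside their expected directories."""
    findings = []
    for path in paths:
        wp = PureWindowsPath(path)
        name = wp.name.lower()
        if name not in EXPECTED_DIRS:
            continue
        # drive-relative parent directory, lower-cased, forward slashes
        actual = "/".join(part.lower() for part in wp.parent.parts[1:])
        if actual not in EXPECTED_DIRS[name]:
            findings.append((path, name, actual))
    return findings


def triage(log_text):
    """Parse a ComboFix log and return the masquerade findings across all
    file-bearing sections."""
    sections = parse_combofix(log_text)
    all_paths = [p for paths in sections.values() for p in paths]
    return masquerade_findings(all_paths)


if __name__ == "__main__":
    for path, name, actual in triage(SAMPLE_LOG):
        print(f"SUSPICIOUS {path}: {name} belongs in "
              f"{sorted(EXPECTED_DIRS[name])}, found in '{actual}'")
```

Run against the constructed excerpt the script reports only c:\windows\svchost.exe; the legitimate nvvsvc.exe and lsasrv.dll under System32 are left alone, and an explorer.exe directly under c:\windows is accepted because that is where Windows keeps it. Feeding it a full ComboFix log works the same way, since only the section banners and the column layout of the "Files Created" lines are relied upon.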

Is there any change after the procedures so far?

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
  Double-click mbam-setup-consumer-2.0.0.1хххх.exe and follow the instructions to install the program.

  • In the Settings => Detection and Protection => Detection Options section, tick the 'Scan for rootkits' checkbox.
  • In the program's main window, click 'Update Now'.
  • After the update finishes, click the 'Scan Now' button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will start.
  • When the scan finishes, if any infections were found, click Apply Actions to let Mbam clean what it detected.

  • After the restart, run Mbam once more.
  • Click the History tab > Application Logs.
  • Double-click the line showing the date and time of the scan, or View Detailed Log.
  • Click 'Copy to Clipboard'.
  • Paste the clipboard contents into your next reply.

 

 

Download the program: ESET Online Scanner

  • Run esetsmartinstaller_enu.exe
  • Tick YES, I accept the Terms of Use and select Start.
  • The scanner will start downloading the components it needs.
  • Make sure Enable detection of potentially unwanted applications is selected.

Make sure the following is unticked:

  • Remove found threats

Make sure the following items are ticked:

  • Scan Archives

Click Advanced Settings and tick the following options:

  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

Finally select Start

The scanner will start downloading the latest definitions and will begin scanning your computer.
Please be patient, as this may take some time.

  • After the scan finishes, click List of found threats.
  • Click Export and save the file to your desktop with the name ESETScan. Copy the contents of this report into your next reply.
  • Select the Back button.
  • Select the Finish button.

Well, as for change - apart from the antivirus no longer complaining, there seems to be none - the computer works, but the programs are still the same way with the same icons and do not start, and every time I launch Mozilla it tells me it is not the default browser and asks whether I want it to be (every time I say yes).

Here is the log from the first program; now I'm running the second one too:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5.10.2014 г.
Scan Time: 15:07:49 ч.
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.05.03
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nikolai Kolev

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355125
Time Elapsed: 9 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Ividi.A, HKU\S-1-5-21-2595346186-3341984790-3347561993-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\iVIDI Plugin, Quarantined, [c8bdbf30c9b25bdbda04bf8408fbe818],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Program Files (x86)\Your Uninstaller! 7\_autouninstall.exe, Quarantined, [760fba357efd37ff392aa43c9d67c43c],

Physical Sectors: 0
(No malicious items detected)


(end)

 

###

 

I got this message while it was scanning: http://prikachi.com/images.php?images/818/7645818l.jpg


And here is the one from ESET:

 

D:\Downloads\KnightOnline1328_setup.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Downloads\Torrents download\Thief-RELOADED\rld-thief.iso    a variant of Win32/HackTool.Crack.BL potentially unsafe application
D:\Downloads\Torrents download\Thief.Update.v1.4-RELOADED\Crack\Binaries2\Win32\steam_api.dll    a variant of Win32/HackTool.Crack.BL potentially unsafe application
D:\Games\United-PVP-New.rar    multiple threats
D:\Games\Arcane Gaming\Knight Online\KnightOnline.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Games\Arcane Gaming\Knight Online\Option.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Games\KO PVP\ACMEUpdate.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Games\KO PVP\KnightOnline.exe    a variant of Win32/Packed.Themida potentially unwanted application
D:\Games\KO PVP\KTBL\acme_tblcontroll.exe    a variant of Win32/Packed.Themida potentially unwanted application
 


Download Security Check (by screen317) from here

  • Double-click SecurityCheck.exe and follow the instructions.
  • When the program finishes its work, a text document will open: checkup.txt.
  • Copy the contents of checkup.txt with Copy and Paste it into your next comment.

Copy the text in the box into notepad and save it as CFScript.txt on your desktop:

 

KILLALL::
ClearJavaCache::

 
After saving, drag CFScript.txt onto the ComboFix.exe icon

Copy the generated report and paste it into your next comment!


 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 


ComboFix 14-10-04.01 - Nikolai Kolev 10.2014 г.  19:30:32.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.4095.2279 [GMT 3:00]
Running from: d:\nikolai kolev\Desktop\ComboFix.exe
Command switches used :: d:\nikolai kolev\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-05 to 2014-10-05  )))))))))))))))))))))))))))))))
.
.
2014-10-05 16:37 . 2014-10-05 16:37    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-05 12:28 . 2014-10-05 12:28    --------    d-----w-    c:\program files (x86)\ESET
2014-10-05 12:06 . 2014-10-05 12:25    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 12:06 . 2014-10-05 12:06    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-05 12:06 . 2014-10-05 12:06    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-05 12:06 . 2014-05-12 04:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-05 12:06 . 2014-05-12 04:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 12:06 . 2014-05-12 04:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-05 08:46 . 2014-10-05 08:48    --------    d-----w-    C:\FRST
2014-10-04 07:22 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{62181BBF-7361-4B0E-8370-4B4FB825A2FA}\mpengine.dll
2014-10-01 06:36 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 06:36 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----r-    c:\program files (x86)\Skype
2014-09-26 14:57 . 2014-09-26 15:24    --------    dc-h--w-    c:\programdata\{D0042780-AE31-4AAC-B0FF-A5EE7C18554E}
2014-09-26 14:56 . 2014-09-26 14:56    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Local\PackageAware
2014-09-24 06:53 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 06:53 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\users\UpdatusUser
2014-09-15 08:24 . 2014-09-16 11:13    --------    d-----w-    c:\programdata\NVIDIA
2014-09-15 08:24 . 2013-01-31 09:25    6207776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-15 08:24 . 2013-01-31 09:25    3300640    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-15 08:24 . 2013-01-31 09:24    878368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-15 08:24 . 2013-01-31 09:24    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-15 08:24 . 2013-01-31 09:24    2558240    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-09-15 08:24 . 2013-01-31 09:24    118560    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-09-10 07:40 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:40 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 06:29 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 06:29 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 06:28 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 06:28 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-10 06:28 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 06:28 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 06:28 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-10 06:28 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-10 06:28 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-07 18:13 . 2014-10-05 12:25    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Roaming\GarenaPlus
2014-09-07 18:12 . 2014-10-05 12:25    --------    d-----w-    c:\programdata\GarenaMessenger
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 10:17 . 2013-08-25 18:33    736432    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 10:17 . 2013-08-25 18:33    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 06:06 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-10 07:40 . 2013-08-25 18:17    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-31 13:10    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-31 13:10    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-31 13:10    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-07-24 23:35 . 2014-07-24 23:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47 . 2014-07-24 20:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 12:14 . 2014-07-22 12:14    137376    ----a-w-    c:\windows\system32\vcomp120.dll
2014-07-14 02:02 . 2014-08-13 06:17    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 06:17    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GarenaPlus"="d:\games\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AcmePro_x64;AcmePro_x64;d:\games\KO PVP\AcmePro_x64.sys;d:\games\KO PVP\AcmePro_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\Garena Plus\Room\safedrv.sys;d:\games\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/08/26 19:28];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:28    1131848    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 10:17]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
2014-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.190.192.247 89.190.192.248
FF - ProfilePath - c:\users\Nikolai Kolev\AppData\Roaming\Mozilla\Firefox\Profiles\ddo7gjeb.default-1382363020624\
FF - prefs.js: browser.startup.homepage - hxxp://www.dir.bg/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\games\Garena Plus\ggdllhost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-10-05  19:49:20 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-05 16:49
ComboFix2.txt  2014-10-05 09:31
.
Pre-Run: 29 079 662 592 bytes free
Post-Run: 29 005 484 032 bytes free
.
- - End Of File - - DC28315F1A547077CEEE7E1B3C5E425A
A36C5E4F47E84449FF07ED3517B43A31
 


Download this tool, Windows Repair (All in One), from here

  • Stop your antivirus program's real-time protection.
  • Install the application and run it.
  • From step 3 => run Check Disk (restart so that the check is performed).
  • From step 4 run the sfc /scannow check.
  • From step 5 make a backup of the system by pressing Create (under System Restore) and Backup (under Registry Backup).
  • From Start Repairs press Start and from here tick all the checkboxes.
  • Tick restart system when finished and press Start.

    Post the Windows Repair log in your next reply; it is located in the following folder:

  • 64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
  • 32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Tweaking.com - Windows Repair v2.9.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: NIKOLAIKOLEV-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Nikolai Kolev
Current Profile SID: S-1-5-21-2595346186-3341984790-3347561993-1000
Current Profile Classes: S-1-5-21-2595346186-3341984790-3347561993-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Nikolai Kolev\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:39:55

Process Count: 54
Commit Total: 1,77 GB
Commit Limit: 8,00 GB
Commit Peak: 1,92 GB
Handle Count: 16897
Kernel Total: 395,55 MB
Kernel Paged: 331,17 MB
Kernel Non Paged: 64,38 MB
System Cache: 2,40 GB
Thread Count: 741
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4,00 GB
Memory Used: 1,69 GB(42,3407%)
Memory Avail.: 2,31 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 4,00 GB
Memory Used: 1,42 GB(35,4159%)
Memory Avail.: 2,58 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (6.10.2014 г. 10:28:00)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 76
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (6.10.2014 г. 10:28:03)
   Running Repair Under Current User Account
   Done (6.10.2014 г. 10:28:12)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (6.10.2014 г. 10:28:12)
   Running Repair Under System Account
   Done (6.10.2014 г. 10:31:27)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (6.10.2014 г. 10:31:27)
   Running Repair Under System Account
   Done (6.10.2014 г. 10:32:19)

03 - Reset Service Permissions
   Start (6.10.2014 г. 10:32:19)
   Running Repair Under System Account
   Done (6.10.2014 г. 10:33:06)

04 - Register System Files
   Start (6.10.2014 г. 10:33:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:33:34)

05 - Repair WMI
   Start (6.10.2014 г. 10:33:34)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   ESET NOD32 Antivirus 6.0 Exported.

   Exporting AntiSpyware Info...
   ESET NOD32 Antivirus 6.0 Exported.
   Windows Defender Exported.

   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.

   Running Repair Under Current User Account
   Done (6.10.2014 г. 10:37:08)

06 - Repair Windows Firewall
   Start (6.10.2014 г. 10:37:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:37:46)

07 - Repair Internet Explorer
   Start (6.10.2014 г. 10:37:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:09)

08 - Repair MDAC/MS Jet
   Start (6.10.2014 г. 10:38:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:15)

09 - Repair Hosts File
   Start (6.10.2014 г. 10:38:15)
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:16)

10 - Remove Policies Set By Infections
   Start (6.10.2014 г. 10:38:16)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:18)

11 - Repair Start Menu Icons Removed By Infections
   Start (6.10.2014 г. 10:38:19)
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:20)

12 - Repair Icons
   Start (6.10.2014 г. 10:38:20)
   Running Repair Under Current User Account
   Done (6.10.2014 г. 10:38:21)

13 - Repair Winsock & DNS Cache
   Start (6.10.2014 г. 10:38:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:49)

15 - Repair Proxy Settings
   Start (6.10.2014 г. 10:38:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:38:52)

17 - Repair Windows Updates
   Start (6.10.2014 г. 10:38:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (6.10.2014 г. 10:39:13)

18 - Repair CD/DVD Missing/Not Working
   Start (6.10.2014 г. 10:39:13)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (6.10.2014 г. 10:39:13)

19 - Repair Volume Shadow Copy Service
   Start (6.10.2014 г. 10:39:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:35)

21 - Repair MSI (Windows Installer)
   Start (6.10.2014 г. 10:39:35)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:48)

23.01 - Repair bat Association
   Start (6.10.2014 г. 10:39:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:50)

23.02 - Repair cmd Association
   Start (6.10.2014 г. 10:39:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:52)

23.03 - Repair com Association
   Start (6.10.2014 г. 10:39:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:54)

23.04 - Repair Directory Association
   Start (6.10.2014 г. 10:39:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:56)

23.05 - Repair Drive Association
   Start (6.10.2014 г. 10:39:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:39:58)

23.06 - Repair exe Association
   Start (6.10.2014 г. 10:39:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:00)

23.07 - Repair Folder Association
   Start (6.10.2014 г. 10:40:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:02)

23.08 - Repair inf Association
   Start (6.10.2014 г. 10:40:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:05)

23.09 - Repair lnk (Shortcuts) Association
   Start (6.10.2014 г. 10:40:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:07)

23.10 - Repair msc Association
   Start (6.10.2014 г. 10:40:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:09)

23.11 - Repair reg Association
   Start (6.10.2014 г. 10:40:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:11)

23.12 - Repair scr Association
   Start (6.10.2014 г. 10:40:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:13)

24 - Repair Windows Safe Mode
   Start (6.10.2014 г. 10:40:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:15)

25 - Repair Print Spooler
   Start (6.10.2014 г. 10:40:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:28)

26 - Restore Important Windows Services
   Start (6.10.2014 г. 10:40:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:34)

27 - Set Windows Services To Default Startup
   Start (6.10.2014 г. 10:40:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:44)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1

31 - Repair Windows 'New' Submenu
   Start (6.10.2014 г. 10:40:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6.10.2014 г. 10:40:46)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (6.10.2014 г. 10:40:46)
   Total Repair Time: 00:12:48


...YOU MUST RESTART YOUR SYSTEM...

 


 

.....in the same way, with the same icons, and they do not start

 

What is the current state of your system..? Was the icon problem fixed after the Repair..?


What is the current state of your system..? Was the icon problem fixed after the Repair..?

 

No, I think the problem is somewhere deeper than just at the level of the icons. As I said earlier, the programs themselves do not start - here is a link: http://prikachi.com/images.php?images/602/7648602x.jpg

The problem remains now, and what is more: I tried reinstalling Chrome, which was also affected, and after uninstalling it could not be installed again: http://prikachi.com/images.php?images/612/7648612K.jpg


I understand..!

Copy the text in the box into Notepad and save it with the name CFScript.txt on your desktop:

 

KILLALL::


File::
c:\windows\xhunter1.sys

driver::
xhunter1

 
After saving it, move CFScript.txt onto the ComboFix.exe icon

Copy the generated report and paste it in your next comment...!


ComboFix 14-10-04.01 - Nikolai Kolev 10.2014 г.  22:14:05.3.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1251.359.1033.18.4095.2362 [GMT 3:00]
Running from: d:\nikolai kolev\Desktop\ComboFix.exe
Command switches used :: d:\nikolai kolev\Desktop\CFScript.txt.txt
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\xhunter1.sys"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XHUNTER1
-------\Service_xhunter1
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-06 to 2014-10-06  )))))))))))))))))))))))))))))))
.
.
2014-10-06 19:21 . 2014-10-06 19:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-06 07:43 . 2014-10-06 07:48    --------    d-----w-    c:\windows\system32\catroot2
2014-10-06 07:33 . 2014-10-06 07:33    --------    d-----w-    c:\windows\SysWow64\wbem\Performance
2014-10-06 07:26 . 2014-10-06 07:26    --------    d-----w-    C:\RegBackup
2014-10-06 06:43 . 2014-10-06 06:43    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-10-05 12:28 . 2014-10-05 12:28    --------    d-----w-    c:\program files (x86)\ESET
2014-10-05 12:06 . 2014-10-05 12:25    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 12:06 . 2014-10-05 12:06    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-05 12:06 . 2014-10-05 12:06    --------    d-----w-    c:\programdata\Malwarebytes
2014-10-05 12:06 . 2014-05-12 04:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-10-05 12:06 . 2014-05-12 04:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 12:06 . 2014-05-12 04:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-10-05 08:46 . 2014-10-05 08:48    --------    d-----w-    C:\FRST
2014-10-04 07:22 . 2014-09-09 02:05    11578928    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{62181BBF-7361-4B0E-8370-4B4FB825A2FA}\mpengine.dll
2014-10-01 06:36 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 06:36 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-09-27 08:14 . 2014-09-27 08:14    --------    d-----r-    c:\program files (x86)\Skype
2014-09-26 14:57 . 2014-09-26 15:24    --------    dc-h--w-    c:\programdata\{D0042780-AE31-4AAC-B0FF-A5EE7C18554E}
2014-09-26 14:56 . 2014-09-26 14:56    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Local\PackageAware
2014-09-24 06:53 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 06:53 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\users\UpdatusUser
2014-09-15 08:24 . 2014-09-16 11:13    --------    d-----w-    c:\programdata\NVIDIA
2014-09-15 08:24 . 2013-01-31 09:25    6207776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-09-15 08:24 . 2013-01-31 09:25    3300640    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-09-15 08:24 . 2013-01-31 09:24    878368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-09-15 08:24 . 2013-01-31 09:24    63776    ----a-w-    c:\windows\system32\nvshext.dll
2014-09-15 08:24 . 2013-01-31 09:24    2558240    ----a-w-    c:\windows\system32\nvsvcr.dll
2014-09-15 08:24 . 2013-01-31 09:24    118560    ----a-w-    c:\windows\system32\nvmctray.dll
2014-09-15 08:24 . 2014-09-15 08:24    --------    d-----w-    c:\programdata\NVIDIA Corporation
2014-09-10 07:40 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-10 07:40 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 06:29 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-10 06:29 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 06:28 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-10 06:28 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-10 06:28 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-10 06:28 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-10 06:28 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-10 06:28 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-10 06:28 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-07 18:13 . 2014-10-06 07:48    --------    d-----w-    c:\users\Nikolai Kolev\AppData\Roaming\GarenaPlus
2014-09-07 18:12 . 2014-10-06 07:48    --------    d-----w-    c:\programdata\GarenaMessenger
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 10:17 . 2013-08-25 18:33    736432    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 10:17 . 2013-08-25 18:33    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 06:06 . 2010-11-21 03:27    278152    ------w-    c:\windows\system32\MpSigStub.exe
2014-09-10 07:40 . 2013-08-25 18:17    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-31 13:10    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-31 13:10    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-31 13:10    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-07-24 23:35 . 2014-07-24 23:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47 . 2014-07-24 20:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 12:14 . 2014-07-22 12:14    137376    ----a-w-    c:\windows\system32\vcomp120.dll
2014-07-14 02:02 . 2014-08-13 06:17    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 06:17    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 06:17    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 06:17    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GarenaPlus"="d:\games\Garena Plus\GarenaMessenger.exe" [2014-09-18 9958192]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AcmePro_x64;AcmePro_x64;d:\games\KO PVP\AcmePro_x64.sys;d:\games\KO PVP\AcmePro_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;d:\games\Garena Plus\Room\safedrv.sys;d:\games\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/08/26 19:28];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-25 10:17]
.
2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-13 06:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.190.192.247 89.190.192.248
FF - ProfilePath - c:\users\Nikolai Kolev\AppData\Roaming\Mozilla\Firefox\Profiles\ddo7gjeb.default-1382363020624\
FF - prefs.js: browser.startup.homepage - hxxp://www.dir.bg/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\games\Garena Plus\ggdllhost.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-10-06  22:33:15 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-06 19:33
ComboFix2.txt  2014-10-05 16:49
ComboFix3.txt  2014-10-05 09:31
.
Pre-Run: 29 181 546 496 bytes free
Post-Run: 29 120 897 024 bytes free
.
- - End Of File - - DC96E79103F543BD0FE36F823C35D8FB
A36C5E4F47E84449FF07ED3517B43A31
 


The log is clean! No active infections can be seen! :)
 
Download the FixExec program for your operating system.

Save it to your desktop.

Run the program, follow its steps and let it finish its work. Then restart your computer.


I don't know whether it's normal for it to finish its work that quickly: http://prikachi.com/images.php?images/484/7649484f.jpg

but nothing got fixed after the restart - the icons are broken, the programs don't work, and Chrome won't install either :(


Hmmm...!

 

Please download Farbar Service Scanner and run it.

  • Tick all the checkboxes and press the "Scan" button.
  • A log file named FSS.txt will be created in the folder from which you run the tool.
  • Attach the log file to your next post.

 

Please download the latest version of TDSSKiller from here and save it to your desktop (mandatory).

  • Click TDSSKiller.exe to start the application.
  • Press the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan finishes with nothing found, click Close to exit.
  • The check should not take more than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click Continue.
  • If malicious objects are found, you will have three options in the drop-down menu.
    Make sure the selected action is Cure and click Continue > Restart to complete the cure.

    Note: If the Cure option is not available, please choose Skip; do not choose Delete unless you have been instructed to.

 

A log file will be created in the root directory of drive C:. Look for a log named "TDSSKiller.[Version]_[Date]_[Time]_log.txt" and copy its contents into your next post.

 

Scan with Farbar Recovery Scan Tool

Repeat the scan with Farbar Recovery Scan Tool and post the logs in your next post!


..and one more check:

 

  • Download ListParts or ListParts64 (depending on your system) and save it to your Desktop.
  • Run ListParts.exe or ListParts64.exe (depending on your system).

  • Press the Scan button.
  • When the scan finishes, a Result.txt log will be generated on your Desktop.
  • Please post the contents of the log in your next post.

Attaching the first Farbar log


It tells me my post is too long, so I'm attaching the TDSSKiller log as well


Attaching both logs from Farbar Recovery Scan


And here is the last log

FSS.txt

TDSSKiller.3.0.0.40_07.10.2014_20.19.49_log.txt

Addition.txt

FRST.txt

Result.txt


Hello. Let's try something else:

 

Start => type CMD in the search box => click the CMD.exe file and choose Run as administrator => type CMD.exe => enter the command sfc /scannow and press Enter

 

then copy the following command:

 

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

 

and press Enter

 

In your next post, post the sfcdetails.txt that will be generated on your desktop.

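The findstr command above keeps only the lines that sfc /scannow tagged with [SR] in CBS.log. This added Python example (not from the thread or from any of the tools it uses) performs the same extraction on constructed CBS.log lines and summarizes what a helper reads from sfcdetails.txt: files repaired from the component store, files SFC could not repair, and whether the verify pass completed. The sample log text and the file names in it are constructed.

```python
import re

# Constructed sample of CBS.log content (not taken from the thread's logs).
# SFC tags its own entries with "[SR]"; that tag is what the findstr
# command in the post extracts into sfcdetails.txt.
SAMPLE_CBS_LOG = r"""
2014-10-08 20:15:03, Info                  CBS    Starting TrustedInstaller initialization.
2014-10-08 20:15:03, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-10-08 20:15:03, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-10-08 20:15:05, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-10-08 20:15:06, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sample.sys" from store
2014-10-08 20:15:07, Info                  CSI    0000000e [SR] Verify complete
"""

# Member file name as SFC prints it: [l:<bytes>{<chars>}]"name"
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def sr_lines(cbs_text):
    """Keep only the SFC lines, which is what findstr /c:"[SR]" does."""
    return [line for line in cbs_text.splitlines() if "[SR]" in line]


def summarize_sfc(cbs_text):
    """Summarize an sfc /scannow run from CBS.log text.

    Returns the number of verified components, the files SFC repaired,
    the files it could NOT repair (what a helper looks at first) and
    whether the verification pass reached "Verify complete".
    """
    summary = {"verified": 0, "repaired": [], "unrepairable": [], "complete": False}
    for line in sr_lines(cbs_text):
        count = re.search(r"\[SR\] Verifying (\d+) \(", line)
        if count:  # SFC logs one "Verifying N" line per batch of components
            summary["verified"] += int(count.group(1))
            continue
        name = FILE_RE.search(line)
        if "Cannot repair member file" in line and name:
            summary["unrepairable"].append(name.group(1))
        elif "Repairing corrupted file" in line and name:
            summary["repaired"].append(name.group(1))
        elif "[SR] Verify complete" in line:
            summary["complete"] = True
    return summary


if __name__ == "__main__":
    # On a real machine, read %windir%\Logs\CBS\CBS.log (or the extracted
    # sfcdetails.txt) instead of the constructed sample.
    print(summarize_sfc(SAMPLE_CBS_LOG))
```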

I reinstalled my computer - thanks anyway for the effort :)

 

Thank you for letting me know... Regards, and I wish you safe browsing! :)

