
Suspected infected system


Hello,

As for complaints... the machine is slow, but that is most likely purely a hardware matter... In short, I was told that in their opinion there is a trojan (our mail provider raised an alarm about a mass spam attack coming from this computer), I said fine and started going through the logs like an Indian at a typewriter :(, so... I am now opening a thread with the relevant logs for the attention of those who did not sleep through the lectures :):

Thanks in advance for your time!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by Admin (administrator) on ADMIN-PC on 21-11-2014 18:39:15
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Mobogenie\MgAssist.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Mobogenie\DaemonProcess.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files\Comm100 Live Chat\Comm100 Live Chat.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Mobogenie.com) C:\Program Files\Mobogenie3\MobogenieService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(mobogenie.com) C:\Program Files\Mobogenie3\mobogenieP2sp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [748736 2014-07-19] ()
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\...\MountPoints2: {fefaa74b-6439-11e3-af85-806e6f6e6963} - E:\ASRSetup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8644A3314E0CCF01
SearchScopes: HKU\S-1-5-21-2672553770-846555014-2797563508-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=782DBC5FF4D40BB7&affID=128491&tsp=5169
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.google.ru/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-13]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-13]
CHR Extension: (Alexa Traffic Rank) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-03-25]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-13]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-13]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-09-21] (Intel Corporation)
R2 MgAssistService; C:\Program Files\Mobogenie\MgAssist.exe [105664 2014-07-23] ()
R2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [116928 2014-11-20] (Mobogenie.com)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 asmthub3; C:\Windows\system32\drivers\asmthub3.sys [110920 2012-11-08] (ASMedia Technology Inc)
S3 asmtxhci; C:\Windows\system32\drivers\asmtxhci.sys [333128 2012-11-08] (ASMedia Technology Inc)
S3 b06diag; C:\Windows\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFN7x86; C:\Windows\system32\drivers\Xeno7x86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 bxfcoe; C:\Windows\system32\drivers\bxfcoe.sys [150568 2012-02-22] (Broadcom Corporation)
S3 bxois; C:\Windows\system32\drivers\bxois.sys [435240 2012-02-22] (Broadcom Corporation)
S3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [65152 2012-07-24] (Etron Technology Inc)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-07-24] (Etron Technology Inc)
S3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [88832 2012-07-24] (Etron Technology Inc)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [39360 2012-02-09] ()
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [359560 2012-12-21] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [792712 2012-12-21] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [73984 2011-10-25] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [165120 2011-10-25] (Renesas Electronics Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 18:39 - 2014-11-21 18:40 - 00012572 _____ () C:\Users\Admin\Desktop\FRST.txt
2014-11-21 18:38 - 2014-11-21 18:39 - 00000000 ____D () C:\FRST
2014-11-21 18:36 - 2014-11-21 18:37 - 01108992 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2014-11-19 11:07 - 2014-11-11 04:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:07 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 21:44 - 2014-11-18 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comm100 Live Chat
2014-11-18 21:44 - 2014-11-18 21:44 - 00000000 ____D () C:\Program Files\Comm100 Live Chat
2014-11-15 20:11 - 2014-11-15 20:11 - 00000085 _____ () C:\Users\Admin\Downloads\ATT00001.txt
2014-11-15 17:08 - 2014-11-15 17:08 - 00000000 ____D () C:\Users\Admin\mobogenieP2sp
2014-11-12 11:48 - 2014-11-07 21:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 11:48 - 2014-11-06 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:48 - 2014-11-06 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 11:48 - 2014-11-06 05:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:48 - 2014-11-06 05:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 11:48 - 2014-11-06 05:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 11:48 - 2014-11-06 05:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:48 - 2014-11-06 05:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 11:48 - 2014-11-06 05:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:48 - 2014-11-06 05:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:48 - 2014-11-06 05:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 11:48 - 2014-11-06 05:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 11:48 - 2014-11-06 04:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:48 - 2014-11-06 04:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 11:48 - 2014-11-06 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 11:48 - 2014-11-06 04:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 11:48 - 2014-11-06 04:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:48 - 2014-11-06 04:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 11:48 - 2014-11-06 04:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 11:48 - 2014-11-06 04:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:48 - 2014-11-06 04:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:48 - 2014-11-06 04:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:48 - 2014-11-06 04:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 11:48 - 2014-11-06 04:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:48 - 2014-11-06 04:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:48 - 2014-11-06 04:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 11:48 - 2014-11-06 04:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:48 - 2014-11-06 03:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:48 - 2014-11-06 03:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:48 - 2014-11-06 03:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 11:28 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 11:27 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 11:27 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 11:26 - 2014-10-14 03:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 11:26 - 2014-10-14 03:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 11:26 - 2014-10-14 03:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 11:26 - 2014-10-14 03:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 11:26 - 2014-10-14 03:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 11:26 - 2014-10-10 02:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 11:26 - 2014-10-03 03:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 11:26 - 2014-10-03 03:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 11:26 - 2014-10-03 03:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 11:26 - 2014-10-03 03:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 11:26 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 11:26 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 11:26 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 11:26 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 13:43 - 2014-11-11 13:58 - 00010685 ____N () C:\Users\Admin\Desktop\SportPlayers - 10%.xlsx
2014-11-06 18:50 - 2014-11-10 22:45 - 00011400 _____ () C:\Users\Admin\Desktop\RO Metadata 2.xlsx
2014-10-30 14:56 - 2014-11-14 14:07 - 00404992 ____N () C:\Users\Admin\Desktop\AffiliatesNewsletters.xls
2014-10-24 20:33 - 2014-10-24 20:33 - 00000065 _____ () C:\Users\Admin\Desktop\Bonusuri de cazinou pentru jucătorii la ruletă din cazinourile online.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-21 18:36 - 2013-12-13 18:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-11-21 18:27 - 2014-01-02 10:55 - 00000000 ____D () C:\Users\Admin\Documents\Файлове на Outlook
2014-11-21 18:00 - 2013-12-13 18:17 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-21 16:04 - 2014-07-19 09:31 - 00000000 ____D () C:\Program Files\Mobogenie3
2014-11-21 15:49 - 2013-12-13 18:08 - 01432699 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 15:44 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-21 15:44 - 2009-07-14 06:34 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-21 15:42 - 2014-06-05 17:22 - 00719422 _____ () C:\Windows\system32\perfh019.dat
2014-11-21 15:42 - 2014-06-05 17:22 - 00708702 _____ () C:\Windows\system32\prfh0416.dat
2014-11-21 15:42 - 2014-06-05 17:22 - 00651504 _____ () C:\Windows\system32\perfh01F.dat
2014-11-21 15:42 - 2014-06-05 17:22 - 00151668 _____ () C:\Windows\system32\perfc019.dat
2014-11-21 15:42 - 2014-06-05 17:22 - 00148482 _____ () C:\Windows\system32\prfc0416.dat
2014-11-21 15:42 - 2014-06-05 17:22 - 00140826 _____ () C:\Windows\system32\perfc01F.dat
2014-11-21 15:42 - 2010-11-20 23:01 - 04149028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 15:37 - 2014-02-25 13:34 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\newnext.me
2014-11-21 15:36 - 2013-12-13 18:51 - 00000264 _____ () C:\Windows\Tasks\AutoKMS.job
2014-11-21 15:36 - 2013-12-13 18:17 - 00000982 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-21 15:36 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 15:36 - 2009-07-14 06:39 - 00039754 _____ () C:\Windows\setupact.log
2014-11-19 18:10 - 2014-06-16 13:37 - 00022906 _____ () C:\Users\Admin\Desktop\Ssilki s akciqmi v Odnoklassniki.xlsx
2014-11-19 16:38 - 2014-09-01 16:17 - 00154183 _____ () C:\Users\Admin\Desktop\alina_contacts.xlsx
2014-11-19 11:03 - 2013-12-13 18:17 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 21:44 - 2014-01-02 17:24 - 00000931 _____ () C:\Users\Public\Desktop\Comm100 Live Chat.lnk
2014-11-17 23:14 - 2014-01-06 10:54 - 00000000 ____D () C:\Users\Admin\Desktop\ALINA
2014-11-17 18:05 - 2014-10-14 16:36 - 00000000 ____D () C:\Users\Admin\Desktop\Template VKONTAKTE
2014-11-17 18:05 - 2014-08-12 10:59 - 00000000 ____D () C:\Users\Admin\Desktop\TEMPLATE for 1 deposit
2014-11-16 18:33 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-11-16 15:48 - 2010-11-20 23:48 - 00128370 _____ () C:\Windows\PFRO.log
2014-11-15 17:08 - 2013-12-13 18:09 - 00000000 ____D () C:\Users\Admin
2014-11-15 15:39 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-15 15:31 - 2013-12-13 18:50 - 00109280 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 15:30 - 2009-07-14 06:33 - 00408064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 15:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-11-15 15:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-11-15 15:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-11-15 15:29 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 20:26 - 2013-12-13 18:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 20:23 - 2014-06-04 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 20:19 - 2014-06-04 19:46 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 18:38 - 2014-10-21 17:42 - 00000000 ____D () C:\Users\Admin\Desktop\Romanian Noxwin
2014-11-05 11:46 - 2014-04-02 18:51 - 00011775 _____ () C:\Users\Admin\Desktop\Форумы на русских сайтах.xlsx
2014-11-04 11:15 - 2014-09-08 15:44 - 00000000 ____D () C:\Users\Admin\Desktop\SDMBG
2014-10-30 13:24 - 2014-01-03 13:34 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 19:31 - 2014-03-30 11:53 - 00000000 ____D () C:\Users\Admin\Desktop\Kartinki na Rabo4ii stol
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\Mobogenie_Setup_2-1-35_517.exe
C:\Users\Admin\AppData\Local\Temp\Office 2010 Toolkit.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 22:20
 
==================== End Of Log ============================

Addition.txt


Hello,

The second log file, Addition.txt, is missing.

Otherwise, apart from a few small adware items, no other active infections are observed...
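To make the "a few adware items" verdict above reproducible, here is an added triage script (my own code, not part of this thread and not part of FRST) that walks an FRST report section by section and flags the patterns visible in the log above: running processes and autorun entries whose publisher field is empty (`()`), autoruns that launch rundll32 on a DLL under the user's AppData, and Installed Programs entries that FRST itself marked `<==== ATTENTION`. The sample lines are copied from the report in this thread; the regular expressions are my approximation of the FRST line formats, not an official grammar.

```python
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the FRST.txt / Addition.txt posted in this thread.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\Mobogenie\MgAssist.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [748736 2014-07-19] ()
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
==================== Installed Programs ======================
Mobogenie (HKLM\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
"""

# Approximations of the FRST line formats seen in the report (assumption, not FRST's own spec).
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>[A-Za-z]:\\.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
TRAIL_PUB_RE = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$")
# rundll32 being pointed at a DLL living inside the user profile, as in the NextLive autorun.
PROFILE_DLL_RE = re.compile(
    r'rundll32\.exe\s+"?[A-Za-z]:\\Users\\[^"]*\\AppData\\[^"]*\.dll', re.IGNORECASE
)

R_ATTENTION = "flagged <==== ATTENTION by FRST (uninstall manually, then recheck)"
R_NO_PUB_PROC = "running process with an empty publisher field (unsigned or unknown vendor)"
R_NO_PUB_RUN = "autorun entry with an empty publisher field"
R_PROFILE_DLL = "autorun launches rundll32 on a DLL inside the user profile"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in report order."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")  # remember which FRST section we are in
            continue
        if "<==== ATTENTION" in line:
            # Installed Programs entries look like: Name (HKLM\...\Key) (Version: ...) <==== ATTENTION
            findings.append({"section": section, "item": line.split(" (HK")[0], "reason": R_ATTENTION})
            continue
        m = PROCESS_RE.match(line)
        if m and section.startswith("Processes"):
            if not m.group("pub").strip():
                findings.append({"section": section, "item": m.group("path"), "reason": R_NO_PUB_PROC})
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if PROFILE_DLL_RE.search(cmd):
                findings.append({"section": section, "item": m.group("name"), "reason": R_PROFILE_DLL})
            else:
                pm = TRAIL_PUB_RE.search(cmd)
                if pm is not None and not pm.group("pub").strip():
                    findings.append({"section": section, "item": m.group("name"), "reason": R_NO_PUB_RUN})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['item']}: {f['reason']}")
```

Entries with an empty publisher are a prompt to look closer, not proof of malice: FRST shows `()` for any unsigned binary, so the hit list still needs a human (or a hash lookup) before anything goes into a fixlist.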

Facepalm, right, I should have pressed Attach after selecting it from the file system...

PS: unfortunately I cannot find the attach button in edit mode, nor when starting a new post, so I will paste it into this comment:

PS2: Thanks for the quick response :)

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
Ran by Admin at 2014-11-21 18:42:37
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Auslogics Registry Cleaner (HKLM\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 3.4.1.0 - Auslogics Labs Pty Ltd)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.58.1058 - Webteh, d.o.o.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Comm100 Live Chat (HKLM\...\Com.Comm100.LiveChat.AirVisitorMonitor.En.ED02F0ED4016DF29F52CC2E3BD1ED89CCC440D32.1) (Version: 7.5 - Comm100 Network Corporation)
Comm100 Live Chat (Version: 7.5 - Comm100 Network Corporation) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Google Chrome (HKLM\...\{1B729E3D-B16D-3A41-A9AE-6AEC20C6580D}) (Version: 65.156.32831 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
K-Lite Codec Pack 10.1.5 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Mobogenie (HKLM\...\Mobogenie) (Version:  - Mobogenie.com) <==== ATTENTION
Mobogenie3 (HKLM\...\Mobogenie3) (Version: 3.0.1.53153 - Mobogenie.com) <==== ATTENTION
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Russian Phonetic Student - WinRus.com (HKLM\...\{7AE27077-F326-46AA-9CB2-DF595D56C8FA}) (Version: 1.0.3.40 - Paul Gorodyansky)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-11-2014 13:38:24 Windows Update
05-11-2014 14:24:18 Windows Update
10-11-2014 08:26:37 Windows Update
12-11-2014 18:17:51 Windows Update
16-11-2014 13:59:44 Windows Update
19-11-2014 18:04:08 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {481A4D49-6E98-46F6-941F-E69FB9C06C91} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8728C597-332C-465C-8D3F-DCE6B8EFD786} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {9C63A59E-324F-4A7E-804F-083FFE84C836} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-13] (Google Inc.)
Task: {AEA2DA54-F3CD-4D62-99BD-560667131F1B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-13 18:19 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2014-02-25 13:50 - 2014-07-23 09:39 - 00105664 _____ () C:\Program Files\Mobogenie\MgAssist.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-18 17:24 - 2012-06-18 17:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2013-12-13 18:50 - 2012-09-17 10:23 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-02-25 13:33 - 2014-07-19 09:29 - 00748736 _____ () C:\Program Files\Mobogenie\DaemonProcess.exe
2014-02-25 13:50 - 2014-07-19 09:29 - 00065728 _____ () C:\Program Files\Mobogenie\Device.dll
2014-02-25 13:50 - 2014-07-19 09:29 - 00474816 _____ () C:\Program Files\Mobogenie\DCR.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-11-18 21:44 - 2014-11-18 21:44 - 00142336 _____ () C:\Program Files\Comm100 Live Chat\Comm100 Live Chat.exe
2014-11-19 11:03 - 2014-11-14 23:15 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
2014-11-19 11:03 - 2014-11-14 23:15 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\libegl.dll
2014-11-19 11:03 - 2014-11-14 23:15 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-19 11:03 - 2014-11-14 23:15 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2010-02-20 14:45 - 2010-02-20 14:45 - 00979432 _____ () C:\Program Files\Microsoft Office\OFFICE14\PROOF\1049\MSGRRU32.DLL
2014-11-19 11:03 - 2014-11-14 23:15 - 14910280 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-2672553770-846555014-2797563508-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2672553770-846555014-2797563508-500 - Administrator - Disabled)
Guest (S-1-5-21-2672553770-846555014-2797563508-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2672553770-846555014-2797563508-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/21/2014 03:38:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 02:14:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 00:31:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/15/2014 03:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 11:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 02:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 01:48:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 10:17:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/21/2014 04:04:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MobogenieService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (11/21/2014 03:37:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/19/2014 10:56:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/18/2014 02:13:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/17/2014 00:30:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/16/2014 03:49:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/15/2014 04:07:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MobogenieService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (11/15/2014 03:32:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/12/2014 11:02:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/11/2014 02:00:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/21/2014 03:38:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 10:57:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 02:14:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 00:31:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 03:49:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/15/2014 03:32:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 11:03:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/11/2014 02:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 01:48:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 10:17:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU G1620 @ 2.70GHz
Percentage of memory in use: 89%
Total physical RAM: 1740.65 MB
Available physical RAM: 175.25 MB
Total Pagefile: 3481.3 MB
Available Pagefile: 959.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:117.09 GB) (Free:77.76 GB) NTFS
Drive d: (DATA) (Fixed) (Total:348.57 GB) (Free:340.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE467CAE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=348.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Uninstall the following programs from the Control Panel:

 

Mobogenie
Mobogenie3

 

Then download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which the program will create once it is done.
 
Warning: The script was created for this particular system. Do not use it on other systems with similar problems!

 

That's all for now. :)


 After the restart, post the log file, fixlog.txt, which the program will create once it is done.

I'm a bit jealous: it didn't ask me to restart, it just opened Notepad with the log you requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Admin at 2014-11-25 16:09:57 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe [748736 2014-07-19] ()
C:\Program Files\Mobogenie
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\Admin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
C:\Users\Admin\AppData\Roaming\newnext.me
SearchScopes: HKU\S-1-5-21-2672553770-846555014-2797563508-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosear...128491&tsp=5169
R2 MobogenieService; C:\Program Files\Mobogenie3\MobogenieService.exe [116928 2014-11-20] (Mobogenie.com)
C:\Program Files\Mobogenie3
C:\Users\Admin\AppData\Local\Temp\BuenoSearchTB.exe
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.
"C:\Program Files\Mobogenie" => File/Directory not found.
HKU\S-1-5-21-2672553770-846555014-2797563508-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NextLive => value deleted successfully.
C:\Users\Admin\AppData\Roaming\newnext.me => Moved successfully.
"HKU\S-1-5-21-2672553770-846555014-2797563508-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
MobogenieService => Service not found.
C:\Program Files\Mobogenie3 => Moved successfully.
C:\Users\Admin\AppData\Local\Temp\BuenoSearchTB.exe => Moved successfully.
 
==== End of Fixlog ====


Great, now let's check for leftovers:

 

 

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start scanning the computer.
  • When the scan finishes, press the Clean button.
  • The program will close all unnecessary processes and, after cleaning, will want to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.


     
    STEP 2
     

     
    Please download Junkware Removal Tool to your desktop.
  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the scan to finish.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.


     
    STEP 3


     
    Please download Malwarebytes Anti-Malware 2.0.3.1025 Final and save it to your desktop.
  • Run the file mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • When the installation finishes, make sure you have ticked:
  • Launch Malwarebytes Anti-Malware
  • The checkbox enabling the 14-day trial is also ticked by default. If you do not want to try the program's real-time protection for the next 14 days, untick it.
  • Press the Finish button.
  • Go to the Settings > Detection and Protection tab and, under the Detection Options category, enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the Threat Scan radio button and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A malware scan will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History > Application Logs tab.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.


     
    STEP 4
     

     
    1. Download Hitman Pro.
    For a 32-bit system: (download button)
    For a 64-bit system: (download button)


    2. Run the program.

    3. Once you have started the program by clicking its icon, press the "Next" button, accepting the license agreement (EULA).

    4. Tick "No, I want to perform a one-time scan of the computer".

    5. Press the "Next" button.

    6. The program will begin scanning. The scan takes about 2 minutes.

    7. When the scan completes, in the list of found items (if any) choose Apply to all => Ignore.

    8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

    9. Zip the file and attach it to your next comment, or copy its contents into your next comment.
     
    Note: If there is no drop-down menu where you can choose Ignore, as in the picture:
     
    [screenshot]
     
    Then simply close the program when the scan ends (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

 

Great, now let's check for leftovers:

 

Once again, thanks for the help. I'm attaching all the logs; MBAM produced 2 for me, and I'm attaching both :)

 

Here is the Hitman log too, since the system doesn't like it... :(

 

HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : ADMIN-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : Admin-PC\Admin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-11-27 16:13:07
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 123
 
   Objects scanned . . . : 1 404 151
   Files scanned . . . . : 155 679
   Remnants scanned  . . : 536 462 files / 712 010 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Admin\AppData\Roaming\CRDCCLEAN.exe
      Size . . . . . . . : 6 018 088 bytes
      Age  . . . . . . . : 135.2 days (2014-07-15 11:00:38)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 03D42EEFD3B1CE01272D6996DE1E3EF010033FF72F2082D25C43DE0C9D66DE26
    > Bitdefender  . . . : Trojan.GenericKD.1659563
      Fuzzy  . . . . . . : 113.0
 
   C:\Users\Admin\Desktop\stivcom.exe
      Size . . . . . . . : 226 208 bytes
      Age  . . . . . . . : 348.9 days (2013-12-13 18:28:54)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8047B5083EBC6B9210E31211F095A090FDB39B6E8AFAB82FDF683A16449B900C
      Product  . . . . . : UltraVncSC
      Publisher  . . . . : UltraVnc
      Description  . . . : UltraVnc Self-Extract Setup
      Version  . . . . . : 4.10.0.1
      Copyright  . . . . : Copyright (C) UltraVnc
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:RemoteAdmin.Win32.WinVNC.aha
      Fuzzy  . . . . . . : 108.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Admin\Desktop\FRST.exe
      Size . . . . . . . : 1 110 016 bytes
      Age  . . . . . . . : 2.0 days (2014-11-25 16:05:27)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AC70822A352AEDB164FB7BE5C46C9D4AA73F2C81C600CFF7382A4943A34F9117
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Malware remnants ____________________________________________________________
 
   HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}\ (BuenoSearch)
 
Cookies _____________________________________________________________________
 
 
 
 
PS: If I've missed something... well, I'll upload it once you tell me what :)

Regards!

AdwCleanerS0.txt

JRT.txt

Malwarebytes Anti-Malware1.txt

Malwarebytes Anti-Malware2.txt


STEP 1

We're almost done. Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which the program will create once it has done its work.

Warning: the script was created for the current system. Do not use it on other systems with similar problems!

 

 

STEP 2

  • Please download and run the exe file from the link below:
    ESET OnlineScan
  • Tick the box to accept the terms
  • Click the Start button and wait for the components to install.
  • Tick: Enable detection of potentially unwanted applications
  • Now click the Advanced Settings link and make sure Remove found threats is not ticked.
  • Tick the following other boxes:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

  • Click the Start button.
  • The program will start downloading and installing updates and will then scan your system. Be patient, because the scan is quite slow and may take a long time (preferably do it when you have time and are not at the computer, for example at night while you sleep).
  • When the scan finishes, click the List threats button
  • Now click the Export link and save the file with a name of your choice, for example ESETScan.txt.
  • Click the Back button.
  • Then click the Finish button
  • Post the log file in your next comment.

 

 

Regards!


We're almost done.

Thanks again for the quick response. I'm attaching the first log, but since we're working on an office computer and unfortunately I won't be in the office for the next few days, I'll probably be quite late with the second log (I'll leave the steps to follow with the colleague who works on the machine in question, but honestly I doubt I'll get the right log by email, still).

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-11-2014 01
Ran by Admin at 2014-11-27 22:03:46 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profile: Admin (Available profiles: Admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Admin\AppData\Roaming\CRDCCLEAN.exe
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
end
*****************

C:\Users\Admin\AppData\Roaming\CRDCCLEAN.exe => Moved successfully.
HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB} => Key Deleted successfully.

==== End of Fixlog ====

 

Regards!


Luckily, I managed to wait for the last log before leaving:

 

C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.8.zip.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir a variant of Android/Mobserv.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Admin\AppData\Local\Temp\BuenoSearchTB.exe.xBAD a variant of Win32/Toolbar.Babylon.H potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Admin\AppData\Roaming\CRDCCLEAN.exe.xBAD a variant of Win32/Injector.Autoit.ABQ trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Admin\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
 
 
Regards!
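A small triage script for the ESET log above, added here as an example (it is not part of the original post and not an ESET tool). It parses each hit line and separates files already sitting in the AdwCleaner/FRST quarantine folders (neutralised copies) from hits on live paths, which is the distinction that decides whether the cleanup is finished. The sample lines are constructed: two are copied from the log in the thread, and the third, with the placeholder name Win32/Example.B, is a hypothetical live hit added to show the contrast.

```python
import re
from collections import Counter

# Constructed sample in the shape of the ESET Online Scanner log posted in this
# thread: two lines copied from it plus a hypothetical third hit on a live
# (non-quarantine) path with the placeholder detection name Win32/Example.B.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Admin\AppData\Roaming\CRDCCLEAN.exe.xBAD a variant of Win32/Injector.Autoit.ABQ trojan cleaned by deleting - quarantined
C:\Users\Admin\AppData\Roaming\example\loader.exe a variant of Win32/Example.B trojan cleaned by deleting - quarantined
"""

# One ESET log line: <path> [a variant of ]<family/name> <kind> <action taken>.
# The path is matched lazily; the detection name (which always contains "/")
# anchors the split even when the path itself contains spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of )?(?P<name>[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+"
    r"(?P<kind>[a-z][a-z ]*?)\s+(?P<action>(?:deleted|cleaned|quarantined|unable to clean).*)$"
)

# Quarantine folders of the two tools used earlier in this thread, plus the
# extensions they give to isolated files (compared case-insensitively).
QUARANTINE_DIRS = (r"c:\adwcleaner\quarantine", r"c:\frst\quarantine")
QUARANTINE_SUFFIXES = (".vir", ".xbad")


def is_quarantined_copy(path):
    """True when the hit is a file already isolated by AdwCleaner or FRST."""
    p = path.lower()
    return p.startswith(QUARANTINE_DIRS) or p.endswith(QUARANTINE_SUFFIXES)


def parse_line(line):
    """Return the fields of one ESET hit line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "name": m["name"], "kind": m["kind"],
            "action": m["action"], "quarantined_copy": is_quarantined_copy(m["path"])}


def triage(log_text):
    """Summarise a log: total hits, hits on live paths, and a count per kind."""
    hits = [h for h in (parse_line(l) for l in log_text.splitlines()) if h]
    live = [h for h in hits if not h["quarantined_copy"]]
    return {"total": len(hits), "live": live, "by_kind": Counter(h["kind"] for h in hits)}
```

Run against the real log from the post, `triage()` reports no live hits, which is the conclusion drawn in the next reply.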

Great, I think we're done... the items found were in the quarantine folders of AdwCleaner and FRST. In other words, ESET found nothing after the tools we used. :)

A few final recommendations:

 

1. Check for outdated applications with PatchMyPC.

 

2. Clean the Java cache and remove the leftovers of previous JAVA installations as follows (if you have never installed Java, skip this point).

  • Please download JavaRa 2.6 and extract it to your desktop.
  • Run the file JavaRa.exe.
  • Click the Update JavaRa Definitions button and then click Download. When it finishes, just click OK.
  • Now click Remove JRE; since you already uninstalled all versions of JAVA at the beginning, just click Next.
  • Now click Perform Removal Routine to remove all JAVA leftovers from the registry and the computer.
  • When it finishes, click OK to close the message.
  • Choose Next to skip the download process. Click Next once more. Now choose Close this wizard and click Finish.
  • From the main menu, now choose Additional tasks.
  • Tick Remove startup entry, Remove Outdated JRE Firefox Extensions and Clean JRE Temp Files, then click Run. Browsers must be closed before you attempt this step!
  • When it finishes successfully, you will see the message: "Selected tasks completed successfully".
  • A log file will be created in the same folder from which you ran JavaRa.
  • Please post this file in your next comment. If it is very large, upload it to dox.bg.
  • Close JavaRa by clicking the red X.

 

3. To clean up the tools we used, do the following:

3.1 Download OTC.exe and run it. Click the CleanUp! button.
Restart the computer if asked!

3.2 Download Delfix.exe and run it. Tick Remove disinfection tools (it should be ticked by default, but I'm mentioning it anyway) => click the Run button

The tool will delete itself when it finishes its task! If any folders were not deleted after the procedures above, write and we'll remove them manually.

 

 

4. To improve performance (if your system seems sluggish), see the following topics:

Optimising Windows for better performance

Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

Computer maintenance, how?

 

Also run a defragmentation with MyDefrag to improve performance of disk operations (it will also benefit frequently used programs):

Download MyDefrag and install it.

Download the following archive and extract it to C:\Program Files\MyDefrag v4.3.1\Scripts

Run MyDefrag.exe, choose System Disk Level V, point it at the system partition C: and click Run

It may take quite a while, because the script is based on Jaspion's scripts and those of some other users + my own personal settings and modifications.

The script will prioritise frequently used programs and files.

When it finishes it will say Finished and you can close the program from the X.

Restart the system.

 

5. Check your system for up-to-date drivers from the component manufacturers' sites if you feel like it (do not use automatic driver update programs, to save yourself headaches later) and run a full scan for nasties with your existing antivirus program just in case (it is still definition-based, and we may have missed something, since we only clean what we see in the logs).

 

6. Install Unchecky to protect yourself from adware that tries to install itself during installation of free software.

 

Regards and have a smiling week! I'll mark the case as SOLVED! :bye1:
