Hello,

yesterday my antivirus program (Avast) blocked a web page, and since then programs have been loading more slowly, as has the Start menu. I ran a scan; a virus was found and removed successfully, but the computer is still slow. After that I noticed that Avast was displaying "You are unprotected". I reinstalled it, to no effect. After uninstalling Avast I installed 360 Total Security. 5 threats were found and the program removed them, but the system is still slow. What should I do?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by v002 (administrator) on V002-4FCF638A90 on 07-05-2015 11:42:36
Running from C:\Documents and Settings\v002\My Documents\Downloads
Loaded Profiles: v002 & UpdatusUser (Available profiles: v002 & UpdatusUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files\ICQ6Toolbar\ICQ Service.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Samsung Electronics.) C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
(NewSoft Technology Corporation) C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
() C:\Program Files\Winamp 2\Winamp\winampa.exe
(Visicom Media Inc.) C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
() C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Datecs\FlexType 2K\FType2K.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [716800 2005-09-07] (Analog Devices, Inc.)
HKLM\...\Run: [samsung Common SM] => C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [372736 2005-07-03] (Samsung Electronics.)
HKLM\...\Run: [smart Start UP] => C:\Program Files\NewSoft\Smart Start UP\PnPDetect.exe [104528 2007-04-27] (NewSoft Technology Corporation)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2005-01-12] (Cyberlink Corp.)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp 2\Winamp\winampa.exe [33792 2003-12-13] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Panda Security URL Filtering] => C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe [304952 2014-09-19] (Visicom Media Inc.)
HKLM\...\Run: [QHSafeTray] => C:\Program Files\360\Total Security\safemon\QHSafeTray.exe [1818736 2014-12-24] ()
HKU\S-1-5-19\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [31283328 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ss3dfo.scr [704512 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1123561945-861567501-1644491937-1004\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [panda4_1dn] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_XP] => reg.exe delete "HKCU\Software\panda4_1dn" /f
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_DATA_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering" /s /q
HKU\S-1-5-18\...\RunOnce: [panda4_1dn_INSTALL_FOLDER] => cmd.exe /c rmdir "C:\Documents and Settings\Default User\Local Settings\Application Data\panda4_1dn" /s /q
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FlexType 2K.lnk [2014-11-04]
ShortcutTarget: FlexType 2K.lnk -> C:\Program Files\Datecs\FlexType 2K\FType2K.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1123561945-861567501-1644491937-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dir.bg/
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [s-1-5-21-1123561945-861567501-1644491937-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1123561945-861567501-1644491937-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-1123561945-861567501-1644491937-1003 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm067^YYA^bg&si=flvrunner&ptb=41F4FBC0-8D7C-4D1D-91A0-6450BD029B92&ind=2014032002&n=780bb082&psa=&st=sb&searchfor={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO: Panda Security Toolbar -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
Toolbar: HKLM - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12] (ICQ)
Toolbar: HKLM - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2014-10-17] ()
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\v002\Application Data\Mozilla\Firefox\Profiles\21njerzb.default
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.gbg.bg/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\v002\Application Data\Mozilla\Firefox\Profiles\21njerzb.default\searchplugins\icqplugin.xml [2015-05-06]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\911bg.xml [2014-08-04]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\diribg.xml [2014-08-04]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-08-04]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-08-04]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-12-24]
FF Extension: Panda Security Toolbar - C:\Documents and Settings\v002\Application Data\Mozilla\Firefox\Profiles\21njerzb.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2014-12-23]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-26]
FF HKLM\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files\360\Total Security\safemon\webprotection_firefox [2015-05-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "1a9ead4e74ff825b" service could not be unlocked. <===== ATTENTION

R2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [222456 2008-06-10] ()
R2 QHActiveDefense; C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe [707696 2014-12-24] ()
S3 WPFFontCache_v0400; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker.sys [88136 2014-12-24] (360.cn)
S3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [65608 2014-12-24] (360.cn)
S3 360Box; C:\WINDOWS\System32\DRIVERS\360Box.sys [202312 2014-12-24] (360.cn)
S3 360Camera; C:\WINDOWS\System32\Drivers\360Camera.sys [34888 2014-12-24] (360.cn)
S1 360SelfProtection; C:\WINDOWS\System32\drivers\360SelfProtection.sys [174536 2014-12-24] (360安全中心)
R3 AEAudioService; C:\WINDOWS\System32\drivers\AEAudio.sys [127872 2005-03-04] (Andrea Electronics Corporation)
R1 aslm75; C:\WINDOWS\system32\drivers\aslm75.sys [6272 1997-04-22] () [File not signed]
S1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV.sys [165968 2014-12-24] (Qihu 360 Software Co., Ltd.)
R2 DgiVecp; C:\WINDOWS\System32\Drivers\DgiVecp.sys [41984 2005-03-14] (DeviceGuys, Inc.) [File not signed]
S1 EfiMon; C:\WINDOWS\System32\Drivers\Efimon.sys [23752 2014-12-24] (360安全中心)
R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
S0 HookPort; C:\WINDOWS\System32\Drivers\Hookport.sys [54856 2014-12-24] (360安全中心)
S3 qutmdserv; C:\WINDOWS\system32\drivers\qutmdrv.sys [257352 2014-12-24] (360.cn)
S1 qutmipc; C:\WINDOWS\system32\drivers\qutmipc.sys [45896 2014-12-24] (360.cn)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [393088 2005-08-11] (Sensaura)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2009-01-08] (Microsoft Corporation) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [230400 2005-03-30] (Marvell)
U5 1a9ead4e74ff825b; C:\Windows\System32\Drivers\1a9ead4e74ff825b.sys [87168 2015-05-06] () <===== ATTENTION Necurs Rootkit?
S3 cpuz135; \??\C:\Program Files\CPUID\PC Wizard 2012\pcwiz_x32.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 10:24 - 2014-12-24 11:11 - 00065608 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-05-07 10:17 - 2015-05-07 11:42 - 00000000 __SHD () C:\Documents and Settings\All Users\Application Data\360Quarant
2015-05-07 10:17 - 2015-05-07 11:42 - 00000000 __SHD () C:\$360Section
2015-05-07 09:48 - 2015-05-07 10:31 - 00000000 ____D () C:\Documents and Settings\v002\Application Data\360safe
2015-05-07 09:46 - 2015-05-07 11:37 - 00000000 ____D () C:\Documents and Settings\v002\Application Data\360WD
2015-05-07 09:46 - 2015-05-07 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\360safe
2015-05-07 09:46 - 2014-12-24 11:11 - 00045896 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmipc.sys
2015-05-07 09:45 - 2015-05-07 09:45 - 00000802 _____ () C:\Documents and Settings\v002\Desktop\360 Total Security.lnk
2015-05-07 09:45 - 2014-12-24 11:11 - 00174536 _____ (360安全中心) C:\WINDOWS\system32\Drivers\360SelfProtection.sys
2015-05-07 09:44 - 2015-05-07 09:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\360 Security Center
2015-05-07 09:44 - 2014-12-24 11:11 - 00257352 _____ (360.cn) C:\WINDOWS\system32\Drivers\qutmdrv.sys
2015-05-07 09:44 - 2014-12-24 11:11 - 00202312 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box.sys
2015-05-07 09:44 - 2014-12-24 11:11 - 00165968 _____ (Qihu 360 Software Co., Ltd.) C:\WINDOWS\system32\Drivers\BAPIDRV.SYS
2015-05-07 09:44 - 2014-12-24 11:11 - 00088136 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker.sys
2015-05-07 09:44 - 2014-12-24 11:11 - 00054856 _____ (360安全中心) C:\WINDOWS\system32\Drivers\hookport.sys
2015-05-07 09:44 - 2014-12-24 11:11 - 00034888 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera.sys
2015-05-07 09:44 - 2014-12-24 11:11 - 00023752 _____ (360安全中心) C:\WINDOWS\system32\Drivers\efimon.sys
2015-05-06 20:09 - 2015-05-07 11:42 - 00000000 ____D () C:\FRST
2015-05-06 19:34 - 2015-05-06 21:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-06 19:34 - 2015-05-06 20:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
2015-05-06 15:10 - 2015-05-06 15:10 - 00087168 _____ () C:\WINDOWS\system32\Drivers\1a9ead4e74ff825b.sys
2015-05-06 15:07 - 2015-05-07 11:23 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{6ADE9D9F-D94F-4334-91EB-2A31CF61FA5F}
2015-04-26 10:36 - 2015-04-26 10:36 - 00065938 _____ () C:\WINDOWS\KB2936068-IE8.log
2015-04-26 10:35 - 2015-04-26 10:35 - 00084791 _____ () C:\WINDOWS\KB982381-IE8.log
2015-04-26 10:34 - 2015-04-26 10:38 - 00007481 _____ () C:\WINDOWS\spupdsvc.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00009490 _____ () C:\WINDOWS\msmqinst.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00008184 _____ () C:\WINDOWS\tsoc.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00006235 _____ () C:\WINDOWS\ocgen.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00004825 _____ () C:\WINDOWS\ntdtcsetup.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00002495 _____ () C:\WINDOWS\netfxocm.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00001555 _____ () C:\WINDOWS\tabletoc.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00001330 _____ () C:\WINDOWS\ocmsn.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00001185 _____ () C:\WINDOWS\msgsocm.log
2015-04-26 10:34 - 2015-04-26 10:36 - 00000955 _____ () C:\WINDOWS\MedCtrOC.log
2015-04-26 10:34 - 2015-04-26 10:34 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-04-26 10:34 - 2015-04-26 10:34 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-04-26 10:33 - 2015-04-26 10:34 - 00000000 __HDC () C:\WINDOWS\ie8
2015-04-26 10:12 - 2015-04-26 10:36 - 00077876 _____ () C:\WINDOWS\updspapi.log
2015-04-23 09:47 - 2015-04-23 09:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-14 19:55 - 2015-04-14 19:55 - 00000406 _____ () C:\Documents and Settings\All Users\Desktop\Billiards.lnk
2015-04-14 19:55 - 2015-04-14 19:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ePlaybus.com
2015-04-14 15:01 - 2015-04-14 15:01 - 00000000 ____D () C:\Documents and Settings\v002\Start Menu\Programs\ePlaybus.com
2015-04-09 19:24 - 2015-04-09 19:24 - 00011776 ___SH () C:\Documents and Settings\v002\My Documents\Thumbs.db
2015-04-09 15:02 - 2015-04-09 15:02 - 00000145 _____ () C:\debug.txt
2015-04-09 15:01 - 2015-04-09 15:03 - 00000000 ____D () C:\Program Files\MyPlayCity.com

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-07 11:43 - 2013-10-26 14:59 - 00000000 ____D () C:\Documents and Settings\v002\Local Settings\Temp
2015-05-07 11:25 - 2013-10-26 17:24 - 00000982 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-07 11:24 - 2015-01-16 09:34 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-07 11:24 - 2015-01-16 09:33 - 00000052 _____ () C:\WINDOWS\wiaservc.log
2015-05-07 11:23 - 2013-10-26 14:58 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-07 11:10 - 2013-10-26 14:59 - 00000278 ___SH () C:\Documents and Settings\v002\ntuser.ini
2015-05-07 11:10 - 2013-10-26 14:58 - 00032604 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-07 11:10 - 2013-10-26 14:54 - 01993137 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-07 10:40 - 2014-11-22 22:25 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-05-07 10:20 - 2013-10-26 17:24 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-07 10:19 - 2013-11-11 13:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-07 10:19 - 2013-10-28 15:06 - 00000192 _____ () C:\WINDOWS\winamp.ini
2015-05-07 09:48 - 2014-06-09 19:40 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-07 09:40 - 2014-12-25 21:29 - 00000000 ____D () C:\Program Files\360
2015-05-07 09:33 - 2014-12-26 10:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-05-06 20:11 - 2014-12-22 10:28 - 00000000 ____D () C:\Documents and Settings\v002\Local Settings\Application Data\panda
2015-05-06 10:55 - 2013-10-26 14:59 - 00000000 ____D () C:\Documents and Settings\v002
2015-05-06 10:51 - 2013-10-28 09:37 - 00000000 ____D () C:\Documents and Settings\v002\Application Data\Skype
2015-05-06 10:47 - 2013-10-26 16:59 - 00000000 ____D () C:\Documents and Settings\v002\My Documents\My Photo
2015-04-27 19:38 - 2014-03-26 21:15 - 00000000 ____D () C:\Documents and Settings\v002\Application Data\Wise Disk Cleaner
2015-04-26 10:38 - 2013-10-26 17:27 - 00000000 ____D () C:\WINDOWS\Media
2015-04-26 10:38 - 2013-10-26 17:27 - 00000000 ____D () C:\WINDOWS\Help
2015-04-26 10:38 - 2013-10-26 14:59 - 00000803 _____ () C:\Documents and Settings\v002\Start Menu\Programs\Internet Explorer.lnk
2015-04-26 10:36 - 2014-04-05 10:02 - 00403693 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-04-26 10:36 - 2014-04-05 10:01 - 00123359 _____ () C:\WINDOWS\FaxSetup.log
2015-04-26 10:36 - 2014-04-05 10:01 - 00055736 _____ () C:\WINDOWS\comsetup.log
2015-04-26 10:36 - 2014-04-05 10:01 - 00043768 _____ () C:\WINDOWS\iis6.log
2015-04-26 10:36 - 2014-04-05 10:01 - 00000584 _____ () C:\WINDOWS\imsins.log
2015-04-26 10:36 - 2014-04-05 09:51 - 00807909 _____ () C:\WINDOWS\ie8_main.log
2015-04-26 10:36 - 2014-03-26 20:32 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-04-26 10:36 - 2013-10-26 17:34 - 00000584 _____ () C:\WINDOWS\imsins.BAK
2015-04-26 10:35 - 2014-04-05 10:02 - 00373544 _____ () C:\WINDOWS\KB2598845-IE8.log
2015-04-26 10:34 - 2014-04-05 09:59 - 00536332 _____ () C:\WINDOWS\ie8.log
2015-04-26 10:13 - 2014-04-05 09:51 - 00311371 _____ () C:\WINDOWS\ie8Uninst.log
2015-04-25 09:17 - 2013-10-26 15:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2015-04-23 14:55 - 2013-10-26 17:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-20 19:49 - 2015-03-14 15:24 - 00001209 _____ () C:\WINDOWS\wmsetup.log
2015-04-14 21:20 - 2013-10-26 15:58 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-14 21:20 - 2013-10-26 15:58 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-10-26 15:52 - 2013-10-26 15:58 - 50053120 _____ () C:\Program Files\GUT39.tmp
2014-12-29 22:21 - 2014-12-29 22:23 - 10485760 _____ () C:\Program Files\WeatherEyeApp.log
2015-01-21 14:27 - 2015-02-28 20:49 - 0003584 _____ () C:\Documents and Settings\v002\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some content of TEMP:
====================
C:\Documents and Settings\v002\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\v002\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\v002\Local Settings\Temp\SoftonicAssistant_v0-1-6.exe
C:\Documents and Settings\v002\Local Settings\Temp\UninstallTrustedAds.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt


To begin with, I would like to point out that support for your operating system has already ended. Here you can read in more detail what exactly this means for you. I recommend that you consider upgrading your hardware so that you can migrate to a newer Microsoft operating system, or take a look at the lightweight Linux distributions.

http://windows.microsoft.com/bg-bg/windows/end-support-help

http://bg.wikipedia.org/wiki/Lubuntu

Step 1

Please uninstall the following programs:

  • ICQ Toolbar
  • Panda Security Toolbar
I also recommend that you uninstall these registry cleaning programs:
  • Smart Start UP
  • Wise Disk Cleaner 7.66
Here you can find information on why:

http://windows.microsoft.com/bg-bg/windows/are-registry-cleaners-necessary#1TC=windows-7

Step 2

You have leftovers from your old antivirus program, Avast. Let's clean them up. To do so, please follow the steps from here:

https://www.avast.com/uninstall-utility

If anything is unclear, tell me so that we can clear it up.

Step 3

I found leftovers, including from an older antivirus program - ESET NOD32 Antivirus. Let's check and clean up. Here you will find instructions for the ESET Uninstall Tool:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

If you have any difficulties, write to me.

Finally, restart your computer.

Step 4

Download fixlist.txt and save it in the folder from which you ran FRST.exe.

Run FRST.exe and press the Fix button once!

After it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Step 5

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final and save it to your desktop.

  • Run the file mbam-setup-2.0.3.1025.exe and follow the instructions to install the program.
  • After the installation finishes, make sure you have ticked the box next to:
  • Launch Malwarebytes Anti-Malware
  • The checkbox that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, clear the checkbox.
  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan, and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malware will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the Ctrl + V key combination and post it in your next comment.
In your next comment in this thread, include the following log files:
  • Log file from FRST
  • Log file from Malwarebytes' Anti-Malware

fixlist.txt


Is there a way to preserve the browsers' history after I finish working with FRST.exe? Because I need some of the pages.



Close all open programs before you begin, although FRST closes all running processes.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-05-2015 01
Ran by v002 at 2015-05-07 15:19:12 Run:2
Running from C:\Documents and Settings\v002\My Documents\Downloads
Loaded Profiles: v002 & UpdatusUser (Available profiles: v002 & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1123561945-861567501-1644491937-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [s-1-5-21-1123561945-861567501-1644491937-1004] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1123561945-861567501-1644491937-1003 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.tb.ask...r={searchTerms}
FF SelectedSearchEngine: AVG Secure Search
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-12-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
Locked "1a9ead4e74ff825b" service could not be unlocked. <===== ATTENTION
U5 1a9ead4e74ff825b; C:\Windows\System32\Drivers\1a9ead4e74ff825b.sys [87168 2015-05-06] () <===== ATTENTION Necurs Rootkit?
2015-04-09 15:01 - 2015-04-09 15:03 - 00000000 ____D () C:\Program Files\MyPlayCity.com
2015-04-14 19:55 - 2015-04-14 19:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ePlaybus.com
2015-04-14 15:01 - 2015-04-14 15:01 - 00000000 ____D () C:\Documents and Settings\v002\Start Menu\Programs\ePlaybus.com
2015-05-07 09:33 - 2014-12-26 10:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
EmptyTemp:
Reboot:
end
*****************

Processes closed successfully.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":ECF54A0E" ADS not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => Key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKU\S-1-5-21-1123561945-861567501-1644491937-1004\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
Error setting Default URLSearchHook.
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKU\S-1-5-21-1123561945-861567501-1644491937-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03} => Key not found.
HKCR\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
"C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
HKLM\Software\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => Value not found.
Locked "1a9ead4e74ff825b" service could not be unlocked. <===== ATTENTION => Error: No automatic fix found for this entry.
1a9ead4e74ff825b => Error deleting Service
"C:\Program Files\MyPlayCity.com" => File/Directory not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\ePlaybus.com" => File/Directory not found.
"C:\Documents and Settings\v002\Start Menu\Programs\ePlaybus.com" => File/Directory not found.
"C:\Documents and Settings\All Users\Application Data\AVAST Software" => File/Directory not found.

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07.5.2015 г.
Scan Time: 15:34:03
Logfile: Log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.05.07.02
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: v002

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365499
Time Elapsed: 12 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-1123561945-861567501-1644491937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [50eafb7464262b0b55c256f2c53e7888],
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-1123561945-861567501-1644491937-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, , [50eafb7464262b0b55c256f2c53e7888],
PUP.Optional.MySearchTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{62155D33-3CE2-401E-8967-5A270628A3D5}, , [32081d52a5e5c47219e4fd8e9c67b44c],
Trojan.Bedep.ED, HKLM\SOFTWARE\CLASSES\CLSID\{F8A5FB0F-5C98-4683-9937-A52590A002A1}, , [bd7d0d62701af2444da41a39e02222de],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 13
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\BG, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\CZ, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\DE, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\EN, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\ES, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\FR, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\HE, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RU, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\SK, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\TR, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar, , [e1594728ec9ef14523469a2e61a2c63a],

Files: 58
Rootkit.Necurs.R.32, C:\WINDOWS\SYSTEM32\drivers\1a9ead4e74ff825b.sys, , [b8d86ecf650b00d947cd49cd8e049f65],
Trojan.Bedep.ED, C:\Documents and Settings\All Users\Application Data\{6ADE9D9F-D94F-4334-91EB-2A31CF61FA5F}\vss_ps.dll, , [bd7d0d62701af2444da41a39e02222de],
Trojan.Downloader, C:\Documents and Settings\v002\Local Settings\Temp\rad10B51.tmp.dll, , [192190df553551e542cf213456acab55],
Rootkit.Agent.ED, C:\WINDOWS\Installer\{E6D8E70A-B3EE-FD7A-7F36-8BF95D9C3313}\syshost.exe, , [47f3284795f53501a51eac78df236898],
PUP.Optional.ICQPlugin.A, C:\Documents and Settings\v002\Application Data\Mozilla\Firefox\Profiles\21njerzb.default\searchplugins\icqplugin.xml, , [fe3c422d7a103ff78cd3459233d02ed2],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\BG\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\BG\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\CZ\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\DE\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\DE\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\DE\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\DE\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\EN\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\EN\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\ES\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\ES\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\FR\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\FR\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\HE\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\HE\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RU\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\RU\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\SK\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\SK\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\TR\Configuration.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Documents and Settings\All Users\Application Data\ICQ\ICQToolbar\XML\TR\UserInterface.xml, , [cf6be18e018951e5fc6ce2e6b25136ca],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\Icons.bmp, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\ICQ Service.exe, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\icq6Toolbar.ico, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\ICQToolBar.dll, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\logo_small.gif, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\ServiceStarter.exe, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\short.wav, , [e1594728ec9ef14523469a2e61a2c63a],
PUP.Optional.ICQToolbar.A, C:\Program Files\ICQ6Toolbar\Version.txt, , [e1594728ec9ef14523469a2e61a2c63a],

Physical Sectors: 0
(No malicious items detected)


(end)

  • Please download and run the executable from the link below:

    ESET OnlineScan

  • Tick the box next to esetAcceptTerms.png
  • Click the esetStart.png button.
  • Tick the box next to Enable detection of potentially unwanted applications.
  • Now click Advanced Settings and make sure that the Remove found threats option is not ticked, while the following are ticked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Now click the Change button and select only Operating memory and the C:\ partition
  • Click the Start button.
  • ESET will start downloading and installing virus definition updates and will then begin scanning the computer. Be patient, because the process is slow and may take quite a while.
  • Once the scan has finished, click the esetListThreats.png button
  • Now click the esetExport.png button and save the file to the desktop under a name of your choice, for example ESETScan.txt. Copy the result into your next comment.
  • Click the esetBack.png button and then the esetFinish.png button to close the application.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AR4GJE1J\CloudAntivirus[1].exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Documents and Settings\v002\Local Settings\Application Data\AdTrustMedia\PrivDog\PrivDogSetup_3.0.97.0.exe    a variant of Win32/Adware.PrivDog.A application
C:\Documents and Settings\v002\Local Settings\Application Data\Mobogenie\Version\CacheVersion\Mobogenie2.1.36.zip    a variant of Win32/Mobogenie.A potentially unwanted application
C:\WINDOWS\system32\drivers\browserMon.sys    Win32/Adware.PrivDog.A application

 


Download Delfix.exe and run it. Tick the box next to Remove disinfection tools (it should be ticked by default, but I'll mention it anyway) => click the Run button. The tool will delete itself once it has finished its task!


I did what was needed.

Thank you for the help!


You're welcome! All the best! :)
