

    tdrgrgv    0

    MODEDIT:   Моля, прочетете внимателно правилата на подраздела:
     
    Правила на форум: Премахване на зловреден софтуер - HiJackThis логове

     

    Следвайте стъпките на темата:

     

    : Системата ми е инфектирана - Какво да правя сега?

     

     
     
    ESETSmartInstaller@High as downloader log:
    all ok
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=42491c9daae6534a99bc73bcb868a8e8
    # end=init
    # utc_time=2015-06-29 07:19:19
    # local_time=2015-06-29 10:19:19 )
    # country="Bulgaria"
    # osver=6.1.7601 NT Service Pack 1
    Update Init
    Update Download
    Update Finalize
    Updated modules version: 24548
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # EOSSerial=42491c9daae6534a99bc73bcb868a8e8
    # end=updated
    # utc_time=2015-06-29 07:22:22
    # local_time=2015-06-29 10:22:22 )
    # country="Bulgaria"
    # osver=6.1.7601 NT Service Pack 1
    # product=EOS
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.7777
    # api_version=3.1.1
    # EOSSerial=42491c9daae6534a99bc73bcb868a8e8
    # engine=24548
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2015-06-29 08:26:58
    # local_time=2015-06-29 11:26:58 )
    # country="Bulgaria"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode_1='Microsoft Security Essentials'
    # compatibility_mode=5895 16777213 100 100 3376511 102015306 0 0
    # scanned=171102
    # found=53
    # cleaned=51
    # scan_time=3876
    sh=566D7633907629212EB457A1DE45040881D91DD8 ft=1 fh=c71c0011eb8f3f3b vn="a variant of Win32/Adware.MultiPlug.JY application" ac=I fn="C:\Users\All Users\FineDealSoft\ZjAaaofwRQMcGj.exe"
    sh=C106E458753B44D18F15321A89BD5848A22788B7 ft=1 fh=c71c0011d9e6202d vn="a variant of Win32/AdWare.MultiPlug.BN application" ac=I fn="C:\Users\All Users\saveitkeep\YmTbDOAb1vSuFn.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\ddeal4REal\jJcSvAoIJ13KWo.exe"
    sh=6577C895CB5F434F9D64C4FC4858DA7BF0824805 ft=1 fh=96624ceb45d4cfcc vn="a variant of Win64/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\ddeal4REal\jJcSvAoIJ13KWo.x64.dll"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\easytoosHop\easytoosHop.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\FineDeALSoft\FineDeALSoft.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\GNow Voice Search\GNow Voice Search.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Protopage RSS Reader\Protopage RSS Reader.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\savinnshopa\savinnshopa.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\SmartaCoMpauRe\XnzvSILcoz5e7p.exe"
    sh=FC25ADFCD3C490C80BC6A1F7BFDBF823FE38F8B7 ft=1 fh=96624ceb86cbe914 vn="a variant of Win64/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\SmartaCoMpauRe\XnzvSILcoz5e7p.x64.dll"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Spreed speed read the web\Spreed speed read the web.exe"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\easytoshoap\bxb9kK3kxjSq0i.exe"
    sh=D2471077BC81606742D8D9FF0BF793654597B1BE ft=1 fh=921d89eb2974b2ee vn="a variant of Win64/Adware.MultiPlug.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\easytoshoap\bxb9kK3kxjSq0i.x64.dll"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\rEaldeeal\FH5VZZrox1bmYl.exe"
    sh=397481BD8145A3E6FE8368F5365EFB3CEB40097C ft=1 fh=468636d72249f836 vn="a variant of Win64/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\rEaldeeal\FH5VZZrox1bmYl.x64.dll"
    sh=57F3815D0942E3B0A9BEF621A7B4971F55FC74D7 ft=1 fh=c71c0011d20a434c vn="Win32/Adware.MultiPlug.KG application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\saferweeb\saferweeb.exe"
    sh=566D7633907629212EB457A1DE45040881D91DD8 ft=1 fh=c71c0011eb8f3f3b vn="a variant of Win32/Adware.MultiPlug.JY application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\FineDealSoft\ZjAaaofwRQMcGj.exe"
    sh=C106E458753B44D18F15321A89BD5848A22788B7 ft=1 fh=c71c0011d9e6202d vn="a variant of Win32/AdWare.MultiPlug.BN application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\saveitkeep\YmTbDOAb1vSuFn.exe"
    sh=BCA587FF66FD8DD52F0CF166C4C7D09FC65857B7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\217\jcu3U8N.js.vir"
    sh=5CFC616278B80A3250864BF37E3D520F93E113DA ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\217\lsdb.js.vir"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\gpgficlpgfomicakhjkinbngidnclfli\6.2\content.js.vir"
    sh=3D769A170F0600F2984C37B4D6BF0D72266B3270 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\gpgficlpgfomicakhjkinbngidnclfli\6.2\eh1IIxR.js.vir"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\klaecimjlbpfompicealiiifcdjnkbpn\219\content.js.vir"
    sh=B32AF8E931CBC1E0795407F857CC06D588CD9F9F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\klaecimjlbpfompicealiiifcdjnkbpn\219\pQ5.js.vir"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\141\content.js.vir"
    sh=60FB38A575D2D3AFEC41353CE235440D500A2B84 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\141\DJZhqs.js.vir"
    sh=6ACDFE30F6488C45D8307EE2289CB44C4E9E7D53 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\plpdjbappofmfbgdmhoaabefbobddchk\143\content.js.vir"
    sh=1EBF650F783A6B71F0CC941B23148A463246BA17 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\plpdjbappofmfbgdmhoaabefbobddchk\143\llzkqFCW.js.vir"
    sh=5CFC616278B80A3250864BF37E3D520F93E113DA ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\ppmjceoiaemcohnikoniifdmoemkegej\234\lsdb.js.vir"
    sh=2CBFD4E9FEC45F4DFA6FF73DE565A530E62214F4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Local\Torch\User Data\Default\Extensions\ppmjceoiaemcohnikoniifdmoemkegej\234\tAhzU4VKu.js.vir"
    sh=4D313FEC05E229F05E7E6456F8E83E12E5AE7C15 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\4twa@uoyoewt.com\content\bg.js.vir"
    sh=D76DBBF21BA73EECF4F3D9C2FA189456FF7EE1E5 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\Jwo@Zi.net\content\bg.js.vir"
    sh=472E60BAC1FC6BE0DF79F147ACD08DCE82D1EA00 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\WAw1@RW.com\content\bg.js.vir"
    sh=E2A310045560F4B26B0CD68B5E5D90F403937A19 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\X@TXP2YeFkD.edu\content\bg.js.vir"
    sh=8AD560A25831F659340CEC9853D2E73A07A0DCCE ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\HP ProBook\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged\Z8vMJAo6T6@j.org\content\bg.js.vir"
    sh=E78AE202C45F0888D5BB8755A440275C5A415009 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Crossbrowse\Crossbrowse\User Data\Profile 1\Extensions\jhjjaieabcmmdcjkiohhcigkhcgjmdep\1.0_0\bg.js"
    sh=BCA587FF66FD8DD52F0CF166C4C7D09FC65857B7 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\217\jcu3U8N.js"
    sh=5CFC616278B80A3250864BF37E3D520F93E113DA ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\agfjdflmdlnffhlfmjdpbcoccaeamikk\217\lsdb.js"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpgficlpgfomicakhjkinbngidnclfli\6.2\content.js"
    sh=3D769A170F0600F2984C37B4D6BF0D72266B3270 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpgficlpgfomicakhjkinbngidnclfli\6.2\eh1IIxR.js"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klaecimjlbpfompicealiiifcdjnkbpn\219\content.js"
    sh=B32AF8E931CBC1E0795407F857CC06D588CD9F9F ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klaecimjlbpfompicealiiifcdjnkbpn\219\pQ5.js"
    sh=A812A2143E429DB9B06823C9017E6128B4BD6A3F ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\141\content.js"
    sh=60FB38A575D2D3AFEC41353CE235440D500A2B84 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip\141\DJZhqs.js"
    sh=6ACDFE30F6488C45D8307EE2289CB44C4E9E7D53 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plpdjbappofmfbgdmhoaabefbobddchk\143\content.js"
    sh=1EBF650F783A6B71F0CC941B23148A463246BA17 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\plpdjbappofmfbgdmhoaabefbobddchk\143\llzkqFCW.js"
    sh=5CFC616278B80A3250864BF37E3D520F93E113DA ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppmjceoiaemcohnikoniifdmoemkegej\234\lsdb.js"
    sh=2CBFD4E9FEC45F4DFA6FF73DE565A530E62214F4 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ppmjceoiaemcohnikoniifdmoemkegej\234\tAhzU4VKu.js"
    sh=E78AE202C45F0888D5BB8755A440275C5A415009 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jhjjaieabcmmdcjkiohhcigkhcgjmdep\1.0_0\bg.js"
    sh=BB5260311D84A367FE98DD13F29C43205FAA58CF ft=1 fh=a6caf9f7a027628c vn="a variant of Win32/RiskWare.Astori.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Roaming\InetStat\inetstat.exe"
    sh=BB5260311D84A367FE98DD13F29C43205FAA58CF ft=1 fh=a6caf9f7a027628c vn="a variant of Win32/RiskWare.Astori.C application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Roaming\InetStat\inetstat.exe.6664"
    sh=FE25AC76655BF8E5298D36EC5FC57A62BEA16ED0 ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\HP ProBook\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"


    icotonev    7525

    И какво да правим сега..?

     

    изпляскахте един дневник и ..готово..! За последен път:

     

    : Системата ми е инфектирана - Какво да правя сега?

    icotonev    7525

    Темата се затваря поради нежеланието на автора да спазва правилата ни... и нежеланието му да публикува необходимите дневници... без тях няма как да помогнем.

    Тази тема е заключена за нови отговори.
