Problem with infection: URL:Mal




Hello, I have the following problem: I'm using Avast, and on every site I open, or even just an empty tab, the following message appears in both browsers, Firefox and Chrome, with the object changing each time:
  t242soe4qlte57p7g.jpg
 


Your Avast has gone crazy! Set it up so that the browsers are in Avast's exclusions.


I doubt it's that; I think I've picked something up. This appeared after some download program had installed itself.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Achito (administrator) on ANTON on 18-07-2015 20:16:10
Running from C:\Users\Achito\Desktop
Loaded Profiles: Achito (Available Profiles: Achito)
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\Achito\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-24] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\...\Run: [uTorrent] => C:\Users\Achito\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-12] (BitTorrent Inc.)
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\...\Run: [Facebook Update] => C:\Users\Achito\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-11] (Facebook Inc.)
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\...\Run: [Dropbox Update] => C:\Users\Achito\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-18] (Dropbox, Inc.)
Startup: C:\Users\Achito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Achito\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Achito\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-10-02] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://trovi.com?SearchSource=10&CUI=UN31173509391104331&UM=4&ctid=CT3329621
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope {2FAC5A17-A192-44D4-9972-22271CAC26FB} URL =
SearchScopes: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> DefaultScope {2FAC5A17-A192-44D4-9972-22271CAC26FB} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN31173509391104331&UM=4
SearchScopes: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> {2FAC5A17-A192-44D4-9972-22271CAC26FB} URL = http://trovi.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3329621&CUI=UN31173509391104331&UM=4
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4E8FD3F6-A199-4CD4-A541-0D9015F5DB3B}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-791149233-2328095975-4147428115-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Achito\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-791149233-2328095975-4147428115-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Achito\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-791149233-2328095975-4147428115-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-21] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2008-06-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-31] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-31] (Apple Inc.)
FF Extension: CutTThePrioce - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\[email protected] [2015-07-18]
FF Extension: BS Player ControlBar B  - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} [2015-07-18]
FF Extension: Firebug - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\[email protected] [2014-10-18]
FF Extension: Sportingbet България - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\[email protected] [2014-10-02]
FF Extension: NoScript - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-10-18]
FF Extension: Video DownloadHelper - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-02]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-15]
CHR Extension: (Google Docs) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-15]
CHR Extension: (Google Drive) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-15]
CHR Extension: (YouTube) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-15]
CHR Extension: (Google Search) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-15]
CHR Extension: (Avast SafePrice) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-07-18]
CHR Extension: (Google Sheets) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-15]
CHR Extension: (Avast Online Security) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-15]
CHR Extension: (Google Wallet) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-15]
CHR Extension: (Gmail) - C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-15]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2015-05-19] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Quizzical Range; C:\Users\Achito\AppData\Roaming\Quizzical Range\Quizzical Range.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2014-07-22] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-03] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-03] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-03] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-04] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-03] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-03] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-04] (Disc Soft Ltd)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 20:16 - 2015-07-18 20:17 - 00023623 _____ C:\Users\Achito\Desktop\FRST.txt
2015-07-18 20:14 - 2015-07-18 20:16 - 00000000 ____D C:\FRST
2015-07-18 20:13 - 2015-07-18 20:13 - 02134528 _____ (Farbar) C:\Users\Achito\Desktop\FRST64.exe
2015-07-18 19:21 - 2015-07-18 19:21 - 02248704 _____ C:\Users\Achito\Downloads\adwcleaner_4.208.exe
2015-07-18 17:32 - 2015-07-18 17:32 - 00000000 ____D C:\ProgramData\4392950016782254136
2015-07-18 17:31 - 2015-07-18 17:32 - 00000000 ____D C:\Program Files (x86)\CutTThePrioce
2015-07-18 17:30 - 2015-07-18 17:30 - 00000000 ____D C:\ProgramData\nkaaoindbpafdnliclicpciclcepmlnm
2015-07-18 17:30 - 2015-07-18 17:30 - 00000000 ____D C:\ProgramData\ciopfpjphcicgdnkoknaommpehcjmmcf
2015-07-18 17:29 - 2015-07-18 17:30 - 00000000 ____D C:\Users\Achito\AppData\Roaming\Quizzical Range
2015-07-18 17:29 - 2015-07-18 17:29 - 00000410 _____ C:\Windows\Tasks\ClearTasks.job
2015-07-18 17:29 - 2015-07-18 17:29 - 00000000 ____D C:\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}
2015-07-18 14:38 - 2015-07-18 14:38 - 00000000 ____D C:\Users\Achito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-18 14:36 - 2015-07-18 19:47 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001UA.job
2015-07-18 14:36 - 2015-07-18 19:47 - 00000882 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001Core.job
2015-07-18 14:36 - 2015-07-18 19:42 - 00003882 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001UA
2015-07-18 14:36 - 2015-07-18 19:42 - 00003502 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001Core
2015-07-18 14:35 - 2015-07-18 14:35 - 00000000 ____D C:\Users\Achito\AppData\Local\Dropbox
2015-07-18 14:35 - 2015-07-18 14:35 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-18 10:15 - 2015-07-18 10:15 - 00091834 _____ C:\Users\Achito\Downloads\Turret D 2013 [2.3].scm
2015-07-12 23:49 - 2015-07-12 23:49 - 00000000 ____D C:\Program Files (x86)\HTC
2015-07-12 23:47 - 2015-07-12 23:47 - 00000000 ____D C:\ProgramData\HTC
2015-07-07 22:19 - 2015-07-07 22:28 - 799821406 _____ C:\Users\Achito\Desktop\Примитивни типове данни и променливи (група 1).mp4
2015-07-07 22:10 - 2015-07-08 22:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 22:45 - 2015-07-06 22:46 - 00000000 ____D C:\Users\Achito\Downloads\Homework-Introduction to Programming-63638
2015-07-06 22:44 - 2015-07-06 22:44 - 00292999 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-63638.rar
2015-07-06 22:43 - 2015-07-06 22:43 - 00286766 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-64175(1).rar
2015-07-06 22:40 - 2015-07-06 22:40 - 00286766 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-64175.rar
2015-07-06 22:32 - 2015-07-06 22:32 - 00050979 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-63629.7z
2015-07-06 22:27 - 2015-07-06 22:27 - 00000000 ____D C:\Users\Achito\Downloads\Homework-Introduction to Programming-64324(1)
2015-07-06 22:21 - 2015-07-06 22:21 - 00287530 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-61638.rar
2015-07-06 22:14 - 2015-07-06 22:14 - 00015702 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-63443.rar
2015-07-06 22:03 - 2015-07-06 22:03 - 00021978 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-63897.rar
2015-07-06 21:53 - 2015-07-06 21:53 - 00315291 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-63448.zip
2015-07-06 21:46 - 2015-07-06 21:46 - 00048845 _____ C:\Users\Achito\Downloads\Homework-Introduction to Programming-64483.7z
2015-07-04 15:38 - 2015-07-04 15:39 - 00000000 ____D C:\Users\Achito\Documents\StarCraft II
2015-07-04 15:37 - 2015-07-04 15:38 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-07-04 15:33 - 2015-07-04 15:33 - 00000493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.lnk
2015-07-03 23:37 - 2015-07-03 23:38 - 00070656 _____ (Blizzard Entertainment) C:\Windows\ScUnin.exe
2015-07-03 23:37 - 2015-07-03 23:38 - 00029384 _____ C:\Windows\scunin.dat
2015-07-03 23:37 - 2015-07-03 23:38 - 00000967 _____ C:\Windows\ScUnin.pif
2015-07-03 23:37 - 2015-07-03 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Starcraft
2015-07-03 21:24 - 2015-07-03 21:24 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-03 21:24 - 2015-07-03 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-03 21:22 - 2014-11-21 20:52 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\asw381E.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3CA7.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00224896 _____ C:\Windows\system32\Drivers\asw3D25.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3A32.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3D93.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3B0F.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00065776 _____ C:\Windows\system32\Drivers\asw3C39.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00029208 _____ C:\Windows\system32\Drivers\asw3AB0.tmp
2015-07-03 21:21 - 2015-07-03 21:21 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-07-03 21:19 - 2015-07-03 21:19 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-07-03 21:02 - 2015-07-03 21:02 - 01331823 _____ (Igor Pavlov) C:\Users\Achito\Downloads\7z1505-x64.exe
2015-07-03 21:02 - 2015-07-03 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-03 21:02 - 2015-07-03 21:02 - 00000000 ____D C:\Program Files\7-Zip
2015-06-30 20:23 - 2015-06-30 20:26 - 29548928 _____ (EaseUS ) C:\Users\Achito\Downloads\epm_trial.exe
2015-06-25 21:53 - 2015-06-25 21:53 - 01240624 _____ (Microsoft Corporation) C:\Users\Achito\Downloads\vs_community(1).exe
2015-06-24 22:46 - 2015-06-24 22:46 - 00000000 ____D C:\Users\Achito\AppData\Roaming\Microsoft FxCop
2015-06-24 20:09 - 2015-06-24 20:09 - 00000000 ____D C:\Users\Achito\AppData\Roaming\TeamViewer
2015-06-24 19:51 - 2015-06-24 19:51 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-24 19:50 - 2015-06-24 19:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-24 19:50 - 2015-06-18 13:25 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2015-06-24 19:49 - 2015-06-24 19:49 - 08053120 _____ (TeamViewer GmbH) C:\Users\Achito\Downloads\TeamViewer_Setup_bg.exe
2015-06-24 19:45 - 2015-06-24 19:45 - 00000000 ____D C:\Users\Achito\Downloads\TL-WN723N_V3_130315
2015-06-24 19:42 - 2015-06-24 19:42 - 00000000 ____D C:\Users\Achito\Downloads\TL-WN723N_V2_111209
2015-06-24 19:40 - 2015-06-24 19:41 - 16075507 _____ C:\Users\Achito\Downloads\TL-WN723N_V3_130315.zip
2015-06-24 19:38 - 2015-06-24 19:41 - 26036464 _____ C:\Users\Achito\Downloads\TL-WN723N_V2_111209.zip
2015-06-23 23:21 - 2015-06-23 23:21 - 00000000 ____D C:\Users\Achito\AppData\Roaming\NuGet
2015-06-23 23:08 - 2015-06-23 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-06-23 23:08 - 2015-06-23 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-06-23 23:05 - 2015-06-23 23:05 - 00000000 ____D C:\Program Files (x86)\Windows Phone Silverlight Kits
2015-06-23 23:04 - 2015-06-23 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-06-23 23:01 - 2015-07-10 22:07 - 00000000 ____D C:\Users\Achito\Documents\Visual Studio 2013
2015-06-23 23:00 - 2015-06-23 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft XDE
2015-06-23 22:54 - 2015-06-23 22:54 - 00000000 ____D C:\Program Files (x86)\AppInsights
2015-06-23 22:48 - 2015-06-23 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-23 22:46 - 2015-06-23 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-23 22:46 - 2015-06-23 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-06-23 22:44 - 2015-06-23 22:44 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-06-23 22:44 - 2015-06-23 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-06-23 22:42 - 2015-06-23 22:56 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2015-06-23 22:42 - 2015-06-23 22:42 - 00000000 ____D C:\Program Files\Application Verifier
2015-06-23 22:42 - 2015-06-23 22:42 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2015-06-23 22:40 - 2015-06-23 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-06-23 22:37 - 2015-06-23 22:37 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2015-06-23 22:34 - 2015-06-23 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-06-23 22:31 - 2015-06-23 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2015-06-23 22:30 - 2015-06-23 22:54 - 00000000 ____D C:\Program Files\IIS Express
2015-06-23 22:30 - 2015-06-23 22:54 - 00000000 ____D C:\Program Files (x86)\IIS Express
2015-06-23 22:29 - 2015-06-23 22:29 - 00000000 ____D C:\ProgramData\NuGet
2015-06-23 22:29 - 2015-06-23 22:29 - 00000000 ____D C:\Program Files (x86)\NuGet
2015-06-23 22:29 - 2015-06-23 22:29 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 ____D C:\Program Files\IIS
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 ____D C:\Program Files (x86)\IIS
2015-06-23 22:26 - 2015-06-23 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-06-23 22:18 - 2015-06-23 22:24 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2015-06-23 22:18 - 2015-06-23 22:18 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2015-06-23 22:17 - 2015-06-23 22:17 - 00000000 ____D C:\Windows\symbols
2015-06-23 22:17 - 2015-06-23 22:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2015-06-23 22:17 - 2015-06-23 22:17 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2015-06-23 22:12 - 2015-06-23 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-06-23 22:12 - 2015-06-23 22:23 - 00000000 ____D C:\Windows\SysWOW64\1033
2015-06-23 22:00 - 2015-06-23 22:15 - 00000000 ____D C:\Windows\system32\1033
2015-06-23 21:59 - 2015-06-23 21:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2015-06-23 21:56 - 2015-06-23 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-06-23 21:56 - 2015-06-23 21:56 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2015-06-23 21:48 - 2015-06-23 21:48 - 01240624 _____ (Microsoft Corporation) C:\Users\Achito\Downloads\vs_community.exe
2015-06-23 21:28 - 2015-06-23 21:28 - 06496201 _____ C:\Users\Achito\Downloads\2. Introduction-to-Programming.pptx
2015-06-23 21:27 - 2015-06-23 21:28 - 00004846 _____ C:\Users\Achito\Downloads\2. Introduction-to-Programming-Demos.zip
2015-06-22 23:49 - 2015-06-23 01:16 - 00000132 _____ C:\Users\Achito\Desktop\Продължение на 2-тета.txt
2015-06-22 22:50 - 2015-06-22 22:56 - 742029827 _____ C:\Users\Achito\Desktop\Въведение в програмирането - група 1.mp4
2015-06-21 22:18 - 2015-06-21 22:19 - 00000000 ____D C:\Users\Achito\Downloads\Homework
2015-06-21 22:17 - 2015-06-21 22:17 - 00011736 _____ C:\Users\Achito\Downloads\Homework.rar
2015-06-21 22:17 - 2015-06-21 22:17 - 00000000 ____D C:\Users\Achito\Downloads\Homework-Math for Developers-61427
2015-06-18 22:06 - 2015-06-18 22:07 - 04585787 _____ C:\Users\Achito\Downloads\1. Math-for-Developers.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-18 20:17 - 2014-10-02 23:04 - 00000000 ____D C:\Users\Achito\AppData\Roaming\uTorrent
2015-07-18 20:16 - 2014-10-03 06:45 - 01802579 _____ C:\Windows\WindowsUpdate.log
2015-07-18 20:00 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-18 19:59 - 2014-10-02 22:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-18 19:28 - 2014-12-24 12:40 - 00001456 _____ C:\Users\Achito\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-07-18 19:28 - 2014-10-03 06:45 - 00000000 ____D C:\Users\Achito
2015-07-18 18:09 - 2014-10-11 21:04 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001UA.job
2015-07-18 17:52 - 2015-05-19 22:59 - 00000000 ____D C:\ProgramData\Autodesk
2015-07-18 17:52 - 2015-05-19 22:59 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-07-18 17:51 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\Help
2015-07-18 17:48 - 2014-10-02 20:50 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-791149233-2328095975-4147428115-1001
2015-07-18 17:43 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-18 14:40 - 2015-04-08 20:51 - 00000000 ___RD C:\Users\Achito\Dropbox
2015-07-18 14:39 - 2015-04-08 20:48 - 00000000 ____D C:\Users\Achito\AppData\Roaming\Dropbox
2015-07-18 09:44 - 2014-11-11 00:50 - 00000000 ___DO C:\Users\Achito\OneDrive
2015-07-15 23:13 - 2014-10-02 21:48 - 12103106 _____ C:\Users\Public\CAFADEBUG.log
2015-07-15 20:00 - 2015-01-15 23:44 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-15 19:59 - 2014-10-02 22:30 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-13 21:09 - 2014-10-11 21:04 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-791149233-2328095975-4147428115-1001Core.job
2015-07-13 21:00 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\system32\NDF
2015-07-13 17:50 - 2014-10-02 22:30 - 00000000 ____D C:\Users\Achito\AppData\Local\Adobe
2015-07-12 23:48 - 2014-10-02 21:12 - 00018124 _____ C:\Windows\DPINST.LOG
2015-07-12 23:47 - 2014-10-02 20:57 - 00000000 ____D C:\Temp
2015-07-12 23:47 - 2013-08-22 17:46 - 00004424 _____ C:\Windows\setupact.log
2015-07-08 22:08 - 2014-10-02 20:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-06 22:18 - 2014-10-03 06:45 - 00000000 ____D C:\Users\Achito\AppData\Local\Packages
2015-07-04 09:20 - 2014-10-02 21:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-04 09:14 - 2014-10-02 21:14 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-03 21:25 - 2013-08-22 16:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-03 21:21 - 2014-10-02 21:14 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys.1435990832343
2015-07-03 21:21 - 2014-10-02 21:14 - 00272248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-07-03 21:21 - 2014-10-02 21:14 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-07-03 21:21 - 2014-10-02 21:14 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-03 21:21 - 2014-10-02 21:14 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-03 21:21 - 2014-10-02 21:14 - 00065736 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-03 21:21 - 2014-10-02 21:14 - 00029168 _____ C:\Windows\system32\Drivers\aswHwid.sys
2015-07-03 21:19 - 2014-10-02 21:14 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-03 20:03 - 2014-10-06 20:43 - 00000000 ____D C:\Users\Achito\AppData\Local\Microsoft Help
2015-06-30 20:09 - 2013-08-22 18:36 - 00000000 ____D C:\Windows\rescache
2015-06-23 23:11 - 2014-10-06 20:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-23 23:10 - 2014-10-06 20:47 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-06-23 23:03 - 2014-10-02 20:56 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-23 22:43 - 2013-08-22 18:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-06-23 22:30 - 2013-08-22 18:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-23 22:01 - 2014-10-12 01:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-06-22 22:50 - 2014-12-30 11:40 - 00000000 ____D C:\Users\Achito\dwhelper
2015-06-20 17:29 - 2014-10-02 20:48 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2014-10-06 20:51 - 2014-10-11 21:01 - 0001456 _____ () C:\Users\Achito\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-12-24 12:40 - 2015-07-18 19:28 - 0001456 _____ () C:\Users\Achito\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-02 21:06 - 2014-10-02 21:06 - 0000017 _____ () C:\Users\Achito\AppData\Local\resmon.resmoncfg
2014-10-02 21:27 - 2014-10-02 21:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Achito\AppData\Local\Temp\AcDeltree.exe
C:\Users\Achito\AppData\Local\Temp\appshat_generic.exe
C:\Users\Achito\AppData\Local\Temp\B252.exe
C:\Users\Achito\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Achito\AppData\Local\Temp\bitool.dll
C:\Users\Achito\AppData\Local\Temp\cabex.dll
C:\Users\Achito\AppData\Local\Temp\CH.dll
C:\Users\Achito\AppData\Local\Temp\CheatEngine63.exe
C:\Users\Achito\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphuejb2.dll
C:\Users\Achito\AppData\Local\Temp\ose00000.exe
C:\Users\Achito\AppData\Local\Temp\SIntf16.dll
C:\Users\Achito\AppData\Local\Temp\SIntf32.dll
C:\Users\Achito\AppData\Local\Temp\SIntfNT.dll
C:\Users\Achito\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 18:06

==================== End of log ============================

Addition.txt



Hello,

The bad news is that the pest has updated your browser to a developer build, where all protection mechanisms are disabled, and even after we clean it, after some time the pest will install its malicious add-ons again.


CHR dev: Chrome dev build detected! <======= ATTENTION

 

So... the solution is to completely uninstall the Google Chrome browser with GeekUninstaller and then install the latest stable version of the browser.

Before you uninstall it, it is a good idea to save all your passwords and add-ons, if you have any.

Exporting bookmarks from Chrome:

  1. In the top right corner of the browser window, click the Chrome menu.
  2. Select Bookmarks > Bookmark Manager.
  3. Click the "Organize" menu in the manager.
  4. Now select Export bookmarks to HTML file.

Here are instructions on how to import them back after reinstalling the browser:

http://www.wikihow.c...rks-from-Chrome

For the passwords, see whether the following tool works:

http://www.intowindo...chrome-browser/

 

Now uninstall the browser with GeekUninstaller as follows:

Download the GeekUninstaller program and save it to the desktop.

Unzip it and run the file geek.exe
Find Google Chrome in the list (the example is for Mozilla Firefox, but that is just for demonstration).

Right-click the program and select Uninstall

After the installation finishes, a window will open prompting you to remove all leftovers of the program (if there are any; if there are none, this window will not appear):

Example for the Mozilla browser:

Press the Finish button to delete the program's leftovers.

After that, download and install the latest stable version of Google Chrome from here => Google Chrome 43.0.2357.134 Stable

When you are done, write back so I can give you the next instructions...


Also uninstall BS Player ControlBar B Toolbar for IE

AFTER THAT:

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Write back afterwards to say how things are! :)

Regards!


I removed Chrome as you told me, but when I try to install Chrome from the link you gave me, it gives me an error.


Yes, that is common with this infection. We will fix that too. Now continue with the instructions added to my post above. :)


Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Achito at 2015-07-18 21:31:41 Run:1
Running from C:\Users\Achito\Desktop
Loaded Profiles: Achito (Available Profiles: Achito)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://trovi.com?Sea...&ctid=CT3329621
URLSearchHook: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
SearchScopes: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> DefaultScope {2FAC5A17-A192-44D4-9972-22271CAC26FB} URL = http://trovi.com/Res...9391104331&UM=4
SearchScopes: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> {2FAC5A17-A192-44D4-9972-22271CAC26FB} URL = http://trovi.com/Res...9391104331&UM=4
BHO-x32: BS Player ControlBar B Toolbar -> {31264a33-a653-46c4-af49-1232c59a7da5} -> C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
BHO-x32: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
Toolbar: HKLM - BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - BS Player ControlBar B Toolbar - {31264a33-a653-46c4-af49-1232c59a7da5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-791149233-2328095975-4147428115-1001 -> BS Player ControlBar B Toolbar - {31264A33-A653-46C4-AF49-1232C59A7DA5} - C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll [2014-09-30] (ClientConnect Ltd.)
FF Extension: CutTThePrioce - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\[email protected] [2015-07-18]
FF Extension: BS Player ControlBar B  - C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} [2015-07-18]
S2 Quizzical Range; C:\Users\Achito\AppData\Roaming\Quizzical Range\Quizzical Range.exe [X]
2015-07-18 17:32 - 2015-07-18 17:32 - 00000000 ____D C:\ProgramData\4392950016782254136
2015-07-18 17:31 - 2015-07-18 17:32 - 00000000 ____D C:\Program Files (x86)\CutTThePrioce
2015-07-18 17:30 - 2015-07-18 17:30 - 00000000 ____D C:\ProgramData\nkaaoindbpafdnliclicpciclcepmlnm
2015-07-18 17:30 - 2015-07-18 17:30 - 00000000 ____D C:\ProgramData\ciopfpjphcicgdnkoknaommpehcjmmcf
2015-07-18 17:29 - 2015-07-18 17:30 - 00000000 ____D C:\Users\Achito\AppData\Roaming\Quizzical Range
2015-07-18 17:29 - 2015-07-18 17:29 - 00000410 _____ C:\Windows\Tasks\ClearTasks.job
2015-07-18 17:29 - 2015-07-18 17:29 - 00000000 ____D C:\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}
2015-07-03 21:22 - 2014-11-21 20:52 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\asw381E.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3CA7.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00224896 _____ C:\Windows\system32\Drivers\asw3D25.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3A32.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3D93.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\asw3B0F.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00065776 _____ C:\Windows\system32\Drivers\asw3C39.tmp
2015-07-03 21:22 - 2014-10-02 21:14 - 00029208 _____ C:\Windows\system32\Drivers\asw3AB0.tmp
CustomCLSID: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}\InprocServer32 -> C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B\prxtbBS_P.dll (ClientConnect Ltd.)
Task: {1B716EA5-587A-40F7-A89A-B11C00012C00} - System32\Tasks\ClearTasks => c:\programdata\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.exe [2015-07-18] () <==== ATTENTION
Task: {4C1F77C8-67FD-4FA7-AF2B-457560C23F93} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: C:\Windows\Tasks\ClearTasks.job => c:\programdata\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value removed successfully
"HKCR\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{31264a33-a653-46c4-af49-1232c59a7da5} => value not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FAC5A17-A192-44D4-9972-22271CAC26FB}" => key removed successfully
HKCR\CLSID\{2FAC5A17-A192-44D4-9972-22271CAC26FB} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31264a33-a653-46c4-af49-1232c59a7da5}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => key removed successfully
HKCR\Wow6432Node\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{31264A33-A653-46C4-AF49-1232C59A7DA5} => value removed successfully
"HKCR\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{31264a33-a653-46c4-af49-1232c59a7da5} => value removed successfully
HKCR\Wow6432Node\CLSID\{31264a33-a653-46c4-af49-1232c59a7da5} => key not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31264A33-A653-46C4-AF49-1232C59A7DA5} => value removed successfully
HKCR\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5} => key not found.
C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\[email protected] => moved successfully.
C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\Extensions\{31264a33-a653-46c4-af49-1232c59a7da5} => moved successfully.
Quizzical Range => Service removed successfully
C:\ProgramData\4392950016782254136 => moved successfully.
C:\Program Files (x86)\CutTThePrioce => moved successfully.
C:\ProgramData\nkaaoindbpafdnliclicpciclcepmlnm => moved successfully.
C:\ProgramData\ciopfpjphcicgdnkoknaommpehcjmmcf => moved successfully.
C:\Users\Achito\AppData\Roaming\Quizzical Range => moved successfully.
C:\Windows\Tasks\ClearTasks.job => moved successfully.
C:\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807} => moved successfully.
"C:\Windows\system32\Drivers\asw381E.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3CA7.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3D25.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3A32.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3D93.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3B0F.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3C39.tmp" => File/Folder not found.
"C:\Windows\system32\Drivers\asw3AB0.tmp" => File/Folder not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\CLSID\{31264A33-A653-46C4-AF49-1232C59A7DA5} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B716EA5-587A-40F7-A89A-B11C00012C00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B716EA5-587A-40F7-A89A-B11C00012C00}" => key removed successfully
C:\Windows\System32\Tasks\ClearTasks => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ClearTasks" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C1F77C8-67FD-4FA7-AF2B-457560C23F93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C1F77C8-67FD-4FA7-AF2B-457560C23F93}" => key removed successfully
C:\Windows\System32\Tasks\ASP => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => key removed successfully
C:\Windows\Tasks\ClearTasks.job not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

Hosts restored successfully.
EmptyTemp: => 1.5 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:36:49 ====


OK... now let's see how to fix the problem with Google Chrome. :)

First I want to check something:

 

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

 

 

Now Google Update Helper will also appear in the list of programs. Uninstall it too with the help of GeekUninstaller.

After that I will write a script to remove the Google leftovers, and when we are done I will tell you to try installing Google Chrome again.

Regards!


I have removed the Google Update Helper as well.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Achito at 2015-07-18 22:45:01 Run:2
Running from C:\Users\Achito\Desktop
Loaded Profiles: Achito (Available Profiles: Achito)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
CMD: Dir /b c:\*Google* /s
reg: reg query HKCU\SOFTWARE\Google
reg: reg query "HKCU\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s
reg: reg query HKLM\SOFTWARE\Google
reg: reg query HKLM\SOFTWARE\Wow6432Node\Google
reg: reg query "HKLM\SOFTWARE\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s
reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully

=========  Dir /b c:\*Google* /s =========

c:\Program Files\AVAST Software\Avast\WebRep\FF\content\common\skin\img\google+.png
c:\Program Files\AVAST Software\Avast\WebRep\IE\templates\img\google+.png
c:\Program Files (x86)\Google
c:\Program Files (x86)\Google\Update\GoogleGGupdate.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdate.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateBroker.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateComRegisterShell64.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateHelper.msi
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateOnDemand.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\GoogleUpdateWebPlugin.exe
c:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll
c:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.28.1\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\Install\{026FB1B3-2FA1-4D35-9B53-13A98CCD9D82}\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\Install\{892F478E-9B44-4C56-A360-A5F90E7202D6}\GoogleUpdateSetup.exe
c:\Program Files (x86)\Google\Update\Install\{CA519866-EEF5-4350-BFEF-4A7779276E76}\GoogleUpdateSetup.exe
c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Stack 5\Packages\Microsoft.Owin.Security.Google.3.0.0
c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Stack 5\Packages\Microsoft.Owin.Security.Google.3.0.0.nupkg
c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Stack 5\Packages\Microsoft.Owin.Security.Google.3.0.0\Microsoft.Owin.Security.Google.3.0.0.nuspec
c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Stack 5\Packages\Microsoft.Owin.Security.Google.3.0.0\lib\net45\Microsoft.Owin.Security.Google.dll
c:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Stack 5\Packages\Microsoft.Owin.Security.Google.3.0.0\lib\net45\Microsoft.Owin.Security.Google.XML
c:\Program Files (x86)\Microsoft SDKs\Microsoft Azure\Mobile Services\1.0\Packages\Microsoft.Owin.Security.Google.2.1.0
c:\Program Files (x86)\Microsoft SDKs\Microsoft Azure\Mobile Services\1.0\Packages\Microsoft.Owin.Security.Google.2.1.0.nupkg
c:\Program Files (x86)\Microsoft SDKs\Microsoft Azure\Mobile Services\1.0\Packages\Microsoft.Owin.Security.Google.2.1.0\Microsoft.Owin.Security.Google.2.1.0.nuspec
c:\Program Files (x86)\Microsoft SDKs\Microsoft Azure\Mobile Services\1.0\Packages\Microsoft.Owin.Security.Google.2.1.0\lib\net45\Microsoft.Owin.Security.Google.dll
c:\Program Files (x86)\Microsoft SDKs\Microsoft Azure\Mobile Services\1.0\Packages\Microsoft.Owin.Security.Google.2.1.0\lib\net45\Microsoft.Owin.Security.Google.XML
c:\Program Files (x86)\Microsoft Web Tools\Packages\Microsoft.Owin.Security.Google.3.0.0
c:\Program Files (x86)\Microsoft Web Tools\Packages\Microsoft.Owin.Security.Google.3.0.0.nupkg
c:\Program Files (x86)\Microsoft Web Tools\Packages\Microsoft.Owin.Security.Google.3.0.0\Microsoft.Owin.Security.Google.3.0.0.nuspec
c:\Program Files (x86)\Microsoft Web Tools\Packages\Microsoft.Owin.Security.Google.3.0.0\lib\net45\Microsoft.Owin.Security.Google.dll
c:\Program Files (x86)\Microsoft Web Tools\Packages\Microsoft.Owin.Security.Google.3.0.0\lib\net45\Microsoft.Owin.Security.Google.XML
c:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\google.xml
c:\Program Files (x86)\VideoLAN\VLC\lua\meta\art\01_googleimage.luac
c:\Program Files (x86)\VideoLAN\VLC\lua\playlist\googlevideo.luac
c:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdate.exe_f844fefdfaa9443e6444e84212b412c84cee367_e324c896_cab_058b6a06
c:\Users\Achito\AppData\Local\Google
c:\Users\Achito\AppData\Roaming\ACEStream\player\lua\meta\art\01_googleimage.luac
c:\Users\Achito\AppData\Roaming\ACEStream\player\lua\playlist\googlevideo.luac
c:\Users\Achito\AppData\Roaming\DAEMON Tools Lite\MediaInfo\js\app\modules\Msw\GoogleAnalytics.js
c:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_GoogleUpdate.exe_f844fefdfaa9443e6444e84212b412c84cee367_e324c896_cab_058b6a06
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-13E2FD20.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-233CB53B.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-289E6A2B.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-3793A5FC.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-4593EB5E.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-72BDCAED.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-8343F8DC.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-848214F1.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-BAA7A6F3.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-BE323A24.pf
c:\Windows\Prefetch\GOOGLEUPDATE.EXE-D0729A57.pf
c:\Windows\Prefetch\GOOGLEUPDATEONDEMAND.EXE-22F9748C.pf
c:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-201786BC.pf
c:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-29A635E8.pf
c:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-8E58B9FE.pf
c:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-F3426B1A.pf
c:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-F8AEC943.pf
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google

========= End of CMD: =========


========= reg query HKCU\SOFTWARE\Google =========


HKEY_CURRENT_USER\SOFTWARE\Google\Software Removal Tool
HKEY_CURRENT_USER\SOFTWARE\Google\Update


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKCU\SOFTWARE\Google\Update\ClientState" /s =========


HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    dr    REG_SZ    1

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
    dr    REG_SZ    1
    lastrun    REG_SZ    13081709101885876



========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Google =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query HKLM\SOFTWARE\Wow6432Node\Google =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\Clients" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.28.1
    name    REG_SZ    Google Update



========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.28.1
    brand    REG_SZ    GGLS
    InstallTime    REG_DWORD    0x54b82658
    DayOfInstall    REG_DWORD    0xb78
    DayOfLastActivity    REG_DWORD    0xffffffff
    DayOfLastRollCall    REG_DWORD    0xc30
    RollCallDayStartSec    REG_DWORD    0x55a9f975
    LastCheckSuccess    REG_DWORD    0x55aa4094
    UpdateTime    REG_DWORD    0x55a9f930

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    UninstallArguments    REG_SZ     --uninstall --multi-install --system-level
    brand    REG_SZ    GGLS
    usagestats    REG_DWORD    0x0
    ap    REG_SZ    2.0-dev-multi
    pv    REG_SZ    43.0.2357.134
    ActivePingDayStartSec    REG_DWORD    0x55a9f975
    RollCallDayStartSec    REG_DWORD    0x55a9f975
    DayOfLastActivity    REG_DWORD    0xc30
    DayOfLastRollCall    REG_DWORD    0xc30
    LastCheckSuccess    REG_DWORD    0x55aa4094
    UpdateTime    REG_DWORD    0x55a691cd
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    msi    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
    lang    REG_SZ    bg
    brand    REG_SZ    GGLS
    InstallTime    REG_DWORD    0x54b82672
    DayOfInstall    REG_DWORD    0xb78
    DayOfLastActivity    REG_DWORD    0xc30
    DayOfLastRollCall    REG_DWORD    0xc30
    browser    REG_DWORD    0x3
    ap    REG_SZ    2.0-dev-multi-chrome
    UninstallArguments    REG_SZ     --uninstall --multi-install --chrome --system-level
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x0
    pv    REG_SZ    43.0.2357.134
    LastCheckSuccess    REG_DWORD    0x55aa4094
    ActivePingDayStartSec    REG_DWORD    0x55a9f975
    RollCallDayStartSec    REG_DWORD    0x55a9f975
    InstallerResult    REG_DWORD    0x0
    InstallerError    REG_DWORD    0x2
    msi    REG_DWORD    0x0
    usagestats    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
    pv    REG_SZ    43.0.2357.134
    RollCallDayStartSec    REG_DWORD    0x55a9f975
    DayOfLastRollCall    REG_DWORD    0xc30

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState
    StateValue    REG_DWORD    0x11



========= End of Reg: =========


==== End of Fixlog 22:49:18 ====


As a rule, only the following keys with the CLSID {430FD4D0-B729-4F61-AA34-91526481799D} are deleted:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}

http://techdows.com/2012/08/fix-to-installation-failed-the-google-chrome-installer-failed-to-start.html

But in your case we have the advantage that:

1. You have no other Google products installed.

2. There are no other accounts on the system that have other Google products installed...so we can remove the entire keys (not only the parent-dependent ones), as well as the entire folders, even in Program Files (which is shared by all accounts on the system).

Therefore:

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Now try installing Google Chrome again from the link above. If that does not work, download the program's offline installer from here. It will work 100% with that one:

https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BF4BE8D58-3A95-ACDE-2273-22C620A10DB3%7D%26lang%3Den%26browser%3D4%26usagestats%3D0%26appname%3DGoogle%2520Chrome%26needsadmin%3Dprefers%26installdataindex%3Ddefaultbrowser/update2/installers/ChromeStandaloneSetup.exe

Let me know the result.
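The choice made in the reply above, between deleting only the {430FD4D0-...} updater keys and deleting the whole Google key, depends on which application GUIDs are registered under Google\Update. The Python sketch below is an added example, not part of the original thread or of FRST: it parses `reg query ... /s` text such as the Fixlog output and lists the GUIDs that fall outside an expected set. The function names are hypothetical and the sample is a trimmed copy of the log above.

```python
import re

# GUIDs as they appear on this page: the updater's own entry ("name REG_SZ Google Update")
# and the appguid used in the Chrome installer URL.
GOOGLE_UPDATE = "{430FD4D0-B729-4F61-AA34-91526481799D}"
CHROME = "{8A69D345-D564-463C-AFF1-A69D9E530F96}"

# Sample input: trimmed copy of the `reg query ... /s` output in the Fixlog above.
SAMPLE = r"""
========= reg query "HKLM\SOFTWARE\Google\Update\Clients" /s =========

ERROR: The system was unable to find the specified registry key or value.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.28.1
    name    REG_SZ    Google Update

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
    pv    REG_SZ    1.3.28.1
    brand    REG_SZ    GGLS

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
    lang    REG_SZ    bg
    UninstallArguments    REG_SZ     --uninstall --multi-install --chrome --system-level
    pv    REG_SZ    43.0.2357.134

HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
    dr    REG_SZ    1
    lastrun    REG_SZ    13081709101885876
"""

KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\.+$")
# reg.exe prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z0-9_]+)(?: {4}(.*))?$")
APP_RE = re.compile(
    r"\\Google\\Update\\(Clients|ClientState)\\(\{[0-9A-Fa-f-]{36}\})(\\.*)?$")


def parse_reg_query(text):
    """Return {key path: {value name: (type, data)}}; ERROR and banner lines are skipped."""
    keys, current = {}, None
    for line in text.splitlines():
        if KEY_RE.match(line):
            current = line.rstrip()
            keys.setdefault(current, {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name, rtype, data = m.groups()
                keys[current][name] = (rtype, (data or "").strip())
    return keys


def updater_apps(keys):
    """Group Google\\Update keys by application GUID (upper-cased: the registry ignores case)."""
    apps = {}
    for path, values in keys.items():
        m = APP_RE.search(path)
        if not m:
            continue
        branch, guid, subkey = m.group(1), m.group(2).upper(), m.group(3)
        app = apps.setdefault(
            guid, {"hives": set(), "branches": set(), "name": None, "pv": None})
        app["hives"].add(path.split("\\", 1)[0])
        app["branches"].add(branch)
        if subkey is None:  # take name/version from the GUID key itself, not its subkeys
            for field in ("name", "pv"):
                if field in values and app[field] is None:
                    app[field] = values[field][1]
    return apps


def unexpected_apps(apps, expected):
    """GUIDs registered with the updater that the caller did not expect to find."""
    wanted = {g.upper() for g in expected}
    return sorted(g for g in apps if g not in wanted)


if __name__ == "__main__":
    found = updater_apps(parse_reg_query(SAMPLE))
    for guid, info in sorted(found.items()):
        print(guid, info["name"], info["pv"], sorted(info["hives"]), sorted(info["branches"]))
    print("outside expected set:", unexpected_apps(found, {GOOGLE_UPDATE, CHROME}))
```

An empty result from `unexpected_apps` means every registered GUID was already accounted for; any other GUID is a product that deleting the whole key would also affect.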


Chrome is OK, but I noticed that the Ctrl + V and Ctrl + C commands do not work in Windows Explorer (for example, I try to copy something from a directory to the desktop and it does not work). During one of the restarts Windows updated itself, even though I have disabled updates.

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Achito at 2015-07-18 23:45:49 Run:3
Running from C:\Users\Achito\Desktop
Loaded Profiles: Achito (Available Profiles: Achito)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
c:\Program Files (x86)\Google
c:\Users\Achito\AppData\Local\Google
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Google
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Google
end
*****************

c:\Program Files (x86)\Google => moved successfully.
c:\Users\Achito\AppData\Local\Google => moved successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google => moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Google => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_CURRENT_USER\SOFTWARE\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Google => key removed successfully

==== End of Fixlog 23:45:49 ====


Is the problem only on the desktop or everywhere? When did it appear, after the infection or after the update was installed?

I don't think it appeared after the steps we have applied so far, which is why I'm not asking whether it appeared after them.

Also check what was installed: from the Start Menu => type Windows Update => click Installed Updates at the bottom => click the Installed On column to sort them by date, and remove the latest update by clicking on it and then choosing Uninstall. Restart the system and see whether the problem persists. But I don't think it is caused by the updates...I have applied all of them on Windows 8.1 x64 and I have no problems with Ctrl + C and Ctrl + V.

Let's check for leftovers:

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • When the scan finishes, press the Clean button.
  • The program will close all unneeded processes and, after cleaning, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily disable your security programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

Then let me know how things stand.

I have a few ideas about how we can fix this situation as well...if that doesn't work there is always System Restore, but then the adware junk will come back too and we will have to start over. We'll see.

Think about whether you have done something, and whether you have disabled anything else that you shouldn't have! :)

Regards!


The Ctrl + V/C problem has fixed itself.

# AdwCleaner v4.208 - Logfile created 19/07/2015 at 08:11:21
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1 Enterprise  (x64)
# Username : Achito - ANTON
# Running from : C:\Users\Achito\Downloads\adwcleaner_4.208(1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Tbccint
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\YTAHelper
Folder Deleted : C:\Users\Achito\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Achito\AppData\LocalLow\Tbccint
Folder Deleted : C:\Users\Achito\AppData\LocalLow\BS_Player_ControlBar_B
Folder Deleted : C:\Users\Achito\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Achito\AppData\Roaming\AceWebExtension
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3329621
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31264A33-A653-46C4-AF49-1232C59A7DA5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3A1209A4-8568-40F0-9B5E-4A06A2A06417}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\Video Player
Key Deleted : HKCU\Software\AceStream
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Tbccint
Key Deleted : HKCU\Software\AppDataLow\Software\TbccintSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\BS_Player_ControlBar_B
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKU\.DEFAULT\Software\Goobzo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v39.0 (x86 en-US)

[oeiva3u9.default\prefs.js] - Line Deleted : user_pref("[email protected]", true);
[oeiva3u9.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "/FJKOQEFRAGJ4H5TWZW5TQFW71EPOBXLJRZMB+9ABGSVVYTGZHIE8Y8P2HD5YKCOJCZAZ+90AAMHHCH5IWSV+W");

-\\ Google Chrome v43.0.2357.134


*************************

AdwCleaner[R0].txt - [3432 bytes] - [19/07/2015 08:04:54]
AdwCleaner[R1].txt - [3490 bytes] - [19/07/2015 08:08:50]
AdwCleaner[s0].txt - [3209 bytes] - [19/07/2015 08:11:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3268  bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 Enterprise x64
Ran by Achito on Sun 07/19/2015 at  8:39:44.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\thunder network
Successfully deleted: [Folder] C:\Users\Achito\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\Achito\Appdata\Local\installer
Successfully deleted: [Folder] C:\Users\Achito\Appdata\LocalLow\.ACEStream
Successfully deleted: [Folder] C:\Users\Achito\AppData\Roaming\.ACEStream
Successfully deleted: [Folder] C:\Users\Achito\AppData\Roaming\ACEStream
Successfully deleted: [Folder] C:\Users\Achito\AppData\Roaming\AlawarEntertainment



~~~ FireFox

Successfully deleted: [File] C:\Users\Achito\AppData\Roaming\mozilla\firefox\profiles\oeiva3u9.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Successfully deleted the following from C:\Users\Achito\AppData\Roaming\mozilla\firefox\profiles\oeiva3u9.default\prefs.js

user_pref(CT3329621.FF19Solved, true);
user_pref(CT3329621.UserID, UN88811579511432244);
user_pref(CT3329621.dum, 2);
user_pref(CT3329621.fullUserID, UN88811579511432244.IN.20141212235656);
user_pref(CT3329621.installDate, 12/12/2014 23:57:06);
user_pref(CT3329621.installSessionId, f3b9d7b0-5a23-4215-a696-4234e9c7e28f);
user_pref(CT3329621.installSp, FALSE);
user_pref(CT3329621.installerVersion, 1.11.0.11);
user_pref(CT3329621.searchRevert, @[email protected]);
user_pref(CT3329621.searchUninstallUserMode, 4);
user_pref(CT3329621.searchUserMode, 4);
user_pref(CT3329621.toolbarInstallDate, 12-12-2014 23:56:56);
user_pref(CT3329621.versionFromInstaller, 10.35.0.3);
user_pref(CT3329621.xpeMode, 1);
Emptied folder: C:\Users\Achito\AppData\Roaming\mozilla\firefox\profiles\oeiva3u9.default\minidumps [27 files]



~~~ Chrome


[C:\Users\Achito\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Achito\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Achito\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Achito\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/19/2015 at  8:52:41.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


Before we finish, run the following 3 checks:

STEP 1

Please download Malwarebytes Anti-Malware 2.1.8.1057 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the instructions to install the program.
  • When the installation finishes, make sure you have ticked:
  • Launch Malwarebytes Anti-Malware
  • The checkbox enabling the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, untick it.
  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malware will start.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • When the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.
  • Now paste the contents of the log file with Ctrl + V and post it in your next comment.

STEP 2

1. Download Hitman Pro.
For a 32-bit system - [download button image].
For a 64-bit system - [download button image]

2. Run the program.

3. Once you have started the program by clicking its icon, press the "Next" button and agree to the license agreement (EULA).

4. Tick "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. When the scan finishes, from the list of found items (if any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as in the screenshot (6-scanfin-choose.jpg):

Then simply close the program after the scan ends (without removing anything)...then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next comment.

STEP 3

  • Please download EmsisoftEmergencyKit, run the exe file and specify where the program should be extracted, for example (C:\EEK), by pressing the Extract button.
  • Run the Start Emsisoft Emergency Kit icon from the desktop to start the application.
  • Press the "Yes" button when prompted to update the program's definitions.
  • When the definitions update has finished, press the "Scan" button.
  • Press the "Yes" button when asked whether the program should enable detection of Potentially Unwanted Applications.
  • Now select the Full Scan button. When the scan finishes, press the View Report button.
  • Copy the contents of the log file into your next comment.

Regards!


STEP 1:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2015
Scan Time: 5:09 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.20.03
Rootkit Database: v2015.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Achito

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415626
Time Elapsed: 59 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6777E3-51B2-4CC1-8A3E-B2E81E004C32}, Quarantined, [13f0469ec3c7f541603aaaea16ee25db],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E68F3D86-CC50-471E-9978-49151DF17102}, Quarantined, [43c01ec699f1ac8a8f0b2e6620e454ac],

Registry Values: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD6777E3-51B2-4CC1-8A3E-B2E81E004C32}|AppPath, C:\Users\Achito\AppData\Local\Tbccint\CT3329621, Quarantined, [13f0469ec3c7f541603aaaea16ee25db]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E68F3D86-CC50-471E-9978-49151DF17102}|AppPath, C:\Users\Achito\AppData\Local\Tbccint\CT3329621, Quarantined, [43c01ec699f1ac8a8f0b2e6620e454ac]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 8
PUP.Optional.Softonic, C:\Users\Achito\Downloads\SoftonicDownloader_for_mkv-player.exe, Quarantined, [fc07c321345632045e282e1045bbf40c],
PUP.Optional.OpenCandy, C:\Users\Achito\Downloads\DTLite4491-0356.exe, Quarantined, [40c35f85e3a7c76f18ffaead25e0ed13],
Hacktool.CheatEngine, C:\Users\Achito\Downloads\EURO.TRUCK.SIMULATOR.2.ALL.PLUS6TRN.ALEKSANDERD.ZIP, Quarantined, [c93a4a9aa4e6b2842e5ed362b54b9f61],
PUP.Optional.OpenCandy, C:\Users\Achito\Downloads\bsplayer.exe, Quarantined, [b54e27bd8703d95df81fd48746bf1de3],
PUP.Optional.ClientConnect, C:\Users\Achito\Downloads\bsplayer268.1077.exe, Quarantined, [a45fbb294f3b6dc99220b97e04fde51b],
PUP.Optional.APNToolBar.A, C:\Users\Achito\Downloads\camfrog.exe, Quarantined, [dd26e7fd94f6a88ec8ca5453bb467f81],
PUP.Optional.Zulu, C:\Users\Achito\Downloads\cheat engine setup.exe, Quarantined, [59aaa53f5e2cd85e6e64e2c630d48e72],
PUP.Optional.Somoto.C, C:\Users\Achito\Downloads\CheatEngine63_downloader-I9Hzcm8jN.exe, Quarantined, [c0433ea67a108babb1777eeb7c897987],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

STEP 2
<Log computer="ANTON" windows="6.3.0.9600.X64/4" scan="Normal" version="3.7.9.242" date="2015-07-20T18:21:37" timeSpentInSecs="611" filesProcessed="41433"><Item type="Malware" malwareName="Riskware" score="108.0" status="None"><Scanners><Scanner id="Bitdefender" name="Gen:Variant.Adware.MPlug.59" /></Scanners><File path="C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.exe" hash="2AB17A7560E1AEC171CF80C9FB8CCD3A6615F3AA7F5BB35C77C05889ACF3A47B" /></Item><Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net" /></Item><Item type="PUP" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Web Data" /></Item><Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:ads.kaldata.com" /></Item><Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:ads.pubmatic.com" /></Item><Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:doubleclick.net" /></Item></Item><Item type="Cookie" score="0.0" status="None"><File path="C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:track.absoluteclickscom.com" /></Item></Item><Item type="Suspicious" score="22.0" status="None"><File path="C:\Users\Achito\AppData\Roaming\uTorrent\uTorrent.exe" hash="D94B971CECD864FE6153EBE94A775157F3CDB69E8AD802EB78CFC0136737C0F2" /><Startup><Key path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent" /></Startup><References><File path="C:\Users\Achito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk" /><File 
path="C:\Users\Achito\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk" /><File path="C:\Users\Achito\Desktop\µTorrent.lnk" /></References></Item><Item type="Suspicious" score="24.0" status="None"><File path="C:\Users\Achito\Desktop\FRST64.exe" hash="72B04B2EB964FD13E132754F6CFC00A87735D1357B5D550B26E6C815843BF969" /></Item><Item type="Suspicious" score="24.0" status="None"><File path="C:\Users\Achito\Desktop\фрст\FRST64.exe" hash="72B04B2EB964FD13E132754F6CFC00A87735D1357B5D550B26E6C815843BF969" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKLM\SOFTWARE\Wow6432Node\Reg\Clean\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\AppDataLow\Software\Smartbar\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Conduit\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Reg\Clean\" /></Item><Item type="PUP" 
score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\" /></Item><Item type="PUP" score="0.0" status="None"><File path="HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\" /></Item></Log>

Step 3: I had no Full Scan option here, so I chose Malware Scan. I am now running a Custom scan and will upload it if it finds anything.

Emsisoft Emergency Kit - Version 10.0
Last update: 7/20/2015 6:50:57 PM
User account: ANTON\Achito

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/20/2015 6:52:57 PM
Value: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)

Scanned    79026
Found    3

Scan end:    7/20/2015 7:00:18 PM
Scan time:    0:07:21

Value: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_USERS\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\CONDUIT    Quarantined Application.InstallAd (A)

Quarantined    3


 

HitmanPro_20150720_1833.xml


Sorry for the delay, but I was busy with work. The HitmanPro log file is unreadable in this form.

Paste the following into the Windows Explorer address bar => C:\Programdata\HitmanPro\Logs

and press Enter. Open the results and copy them into your next comment.

Regards!


No problem :)
 

HitmanPro 3.7.9.242
www.hitmanpro.com

   Computer name . . . . : ANTON
   Windows . . . . . . . : 6.3.0.9600.X64/4
   User name . . . . . . : ANTON\Achito
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-07-20 18:21:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 10m 11s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 38

   Objects scanned . . . : 2,037,053
   Files scanned . . . . : 41,433
   Remnants scanned  . . : 371,973 files / 1,623,647 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.exe
      Size . . . . . . . : 261,120 bytes
      Age  . . . . . . . : 2.0 days (2015-07-18 17:29:42)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 2AB17A7560E1AEC171CF80C9FB8CCD3A6615F3AA7F5BB35C77C05889ACF3A47B
    > Bitdefender  . . . : Gen:Variant.Adware.MPlug.59
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -1.4s C:\Windows\Prefetch\DIABLO II MEDIAN XL V1 13 COL-8874FD2A.pf
         -0.0s C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\
          0.0s C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.exe
          0.0s C:\FRST\Quarantine\C\Users\Achito\AppData\Roaming\Quizzical Range\
          0.4s C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\diablo ii median xl v1 13 colo downloader.dat
          0.5s C:\FRST\Quarantine\C\Windows\Tasks\ClearTasks.job.xBAD
          0.8s C:\FRST\Quarantine\C\Windows\System32\Tasks\ClearTasks.xBAD
          1.6s C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\3e9ef63c28192416
          1.6s C:\FRST\Quarantine\C\ProgramData\{b164b201-f8a7-c168-b164-4b201f8ac807}\f36350690fcdc3c2


Suspicious files ____________________________________________________________

   C:\Users\Achito\AppData\Roaming\uTorrent\uTorrent.exe
      Size . . . . . . . : 1,694,560 bytes
      Age  . . . . . . . : 290.8 days (2014-10-02 23:04:38)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : D94B971CECD864FE6153EBE94A775157F3CDB69E8AD802EB78CFC0136737C0F2
      Product  . . . . . : µTorrent
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : µTorrent
      Version  . . . . . : 3.4.3.40298
      Copyright  . . . . : ©2015 BitTorrent, Inc. All Rights Reserved.
      RSA Key Size . . . : 2048
      Desktop  . . . . . : Default
      Parent Name  . . . : C:\Windows\explorer.exe
      LanguageID . . . . : 1033
      Authenticode . . . : Self-signed
      Running processes  : 2864
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         Program has a human-computer interface (GUI). This is typical for most programs.
      Startup
         HKU\S-1-5-21-791149233-2328095975-4147428115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uTorrent
      References
         C:\Users\Achito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
         C:\Users\Achito\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
         C:\Users\Achito\Desktop\µTorrent.lnk
      Network Ports
         0.0.0.0:58265    
         127.0.0.1:10000    
         192.168.1.113:50445    115.98.132.207:10000
         192.168.1.113:51137    97.71.21.177:52878
         192.168.1.113:52056    112.203.223.210:11967

   C:\Users\Achito\Desktop\FRST64.exe
      Size . . . . . . . : 2,134,528 bytes
      Age  . . . . . . . : 1.8 days (2015-07-18 22:43:54)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72B04B2EB964FD13E132754F6CFC00A87735D1357B5D550B26E6C815843BF969
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Achito\Desktop\фрст\FRST64.exe
      Size . . . . . . . : 2,134,528 bytes
      Age  . . . . . . . : 1.9 days (2015-07-18 21:29:27)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72B04B2EB964FD13E132754F6CFC00A87735D1357B5D550B26E6C815843BF969
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Web Data

   HKLM\SOFTWARE\Wow6432Node\Reg\Clean\ (AskBar)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\ (Conduit)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Reg\Clean\ (RegClean Pro)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\ (Conduit)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ (UniDeals)
   HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}\ (UniDeals)

Cookies _____________________________________________________________________

   C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:ads.kaldata.com
   C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:doubleclick.net
   C:\Users\Achito\AppData\Roaming\Mozilla\Firefox\Profiles\oeiva3u9.default\cookies.sqlite:track.absoluteclickscom.com

Download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, that the program creates after it has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

 

 

And after that we are done:

Here are a few final recommendations:

1. Check for outdated applications with PatchMyPC or with Secunia Personal Software Inspector.

2. Install Unchecky to protect yourself from adware during software installation.

3. To clean up the tools we used, do the following:

Download OTC.exe and run it. Press the CleanUp! button.
Restart the computer if it asks you to!

Download Delfix.exe and run it. Tick Remove disinfection tools and Purge system restore (it should be ticked by default, but I'll mention it anyway) => press the Run button. The tool will delete itself once it has finished its task!

If any folders were not deleted after the procedures above, write back and we will remove them manually.

 

4. For protection against crypto-viruses, besides updating the OS and the antivirus program, it is a good idea to immunize your system with CryptoPrevent and the Maximum Protection profile: (Do not use the last option, because it is still buggy and does not work correctly, but at your own risk you can try it to see how the system behaves with the last option as well).

mtBkCIZ.jpg

Since you are using Windows 8, if you use a backup program it is a good idea to go to the CryptoPrevent settings => Advanced => Show More Advanced Options => and untick Prevent Execution of bcdedit.exe => then press Apply Protection.

You can also take a look at the new program CryptoMonitor (but the tool is still under development and is quite buggy), and the free version is quite cut down, so I do not recommend it to you (the paid version is good, though).

Do not forget to disable Autorun in Windows as well, because crypto-viruses can also settle on external drives and flash drives, infect the data on those media when they are connected to an infected system, and then infect other systems when the external drives are connected to other computers (and so you pass it on to them too). Microsoft has created an automatic tool for this => MSFixIt. It is also a good idea, after plugging in the external drive, even with Autorun disabled, to simply scan the drive letter with an up-to-date antivirus program before you start transferring data to and from the external drive.

 

There are other programs too, but they are mainly for advanced users and I will not go into them in depth, because they are comparatively harder for average users to use. So I will only list them. These are Applocker in Windows, SecureAplus, VoodooShield, HitmanPro.Alert, EMET, Panda Internet Security (with the DataShield option), Comodo Internet Security (with the auto-sandbox or Protected Files and Folders options), Sandboxie (some of these programs are full antivirus products, and no more than one antivirus program should be installed on a system - I mean Panda and Comodo; others are designed to complement antivirus programs and work in tandem with them, but you still have to choose carefully so that they do not conflict with each other and waste system resources for nothing). It is a good idea not to turn off System Restore (File History in Windows 8), not to turn off UAC - User Account Control (even set it to the maximum protection level), not to turn off SmartScreen (available only in Windows 8), and to be careful with e-mail attachments. It is also a good idea to disable scripts, if you do not use any, with the tool Noscript.exe. Run it and choose Disable. If you ever need to run js or vbs files, just run the tool and set it to Enable.
It is also a good idea to be careful with PDF files (most programs let you turn off JavaScript in the PDF reader, forbid PDF files from launching external programs and communicating with the internet, and so on), to be careful with office files because of macro exploits (again, security can be tightened from the office suite's settings), and to watch out for files with double extensions (for example, if in My Computer => Tools => Folder Options => the tick in front of "Hide extensions for known file types" has not been removed and you download a file named image.exe.jpg from the internet, you will see it as image.jpg, but the file will actually be image.exe, and as soon as you run it the virus is triggered as well). It is a good idea to install Malwarebytes Anti-Exploit to give yourself peace of mind while browsing. It is a bit hard, but there is simply no other way. Users have to learn to be vigilant and practice good hygiene when browsing.

 

5. To improve performance (if the system seems sluggish to you), see the following few topics:

Optimizing Windows for better performance

Windows maintenance guide (XP, Vista and 7) [Revision 2.0]

What to do if my computer is running slowly

Computer maintenance, how?

6. Check your system for up-to-date drivers from the websites of the component manufacturers, if you feel like it (do not use programs for automatic driver updates, to save yourself headaches later), and run a full scan for nasties with your installed antivirus program, just in case.

7. Always back up your important documents to external media, and the less valuable things to cloud services. Learn not to install programs from dubious sources. It is a good idea to learn to create mirror images of the current working state of the partition that holds the operating system. Restoring such an image when needed is a many times easier and faster way to get the system back to a working state than reinstalling or trying to remove a problem by hand. Such an image can be created with an external program such as Macrium Reflect Free.

You can also see this topic

Regards and have a cheerful week! I will mark the case as SOLVED! :bye1:


Thank you very much!
Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Achito at 2015-07-25 08:06:56 Run:4
Running from C:\Users\Achito\Desktop
Loaded Profiles: Achito &  (Available Profiles: Achito)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Web Data
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Reg\Clean
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\AppDataLow\Software\Smartbar
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Conduit
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Reg\Clean
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
DeleteKey: HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
end
*****************

C:\Users\Achito\AppData\Local\Google\Chrome\User Data\Default\Web Data => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Reg\Clean => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Reg\Clean => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\AppDataLow\Software\Smartbar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\AppDataLow\Software\Smartbar => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040} => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA} => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Conduit => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Conduit => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Reg\Clean => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001\Software\Reg\Clean => key removed successfully
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => key not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040} => key not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA} => key not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5} => key not found.
HKU\S-1-5-21-791149233-2328095975-4147428115-1001_Classes\Wow6432Node\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} => key not found.

==== End of Fixlog 08:07:03 ====
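
The Fixlog above pairs each fixlist entry with one or more result lines, and an entry is only settled when its last line reports success or "not found". As an added example (not part of the original post and not FRST code), this script audits a log in that layout; the sample log is constructed and its paths and keys are placeholders.

```python
import re

# Constructed sample in the layout of the Fixlog above; all targets are placeholders.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
C:\Users\demo\AppData\Local\Example\Web Data
DeleteKey: HKLM\SOFTWARE\Wow6432Node\ExampleBar
DeleteKey: HKU\S-1-5-21-0-0-0-1001\Software\ExampleAds
DeleteKey: HKU\S-1-5-21-0-0-0-1001_Classes\TypeLib\{00000000-0000-0000-0000-000000000001}
DeleteKey: HKU\S-1-5-21-0-0-0-1001\Software\Stubborn
end
*****************

C:\Users\demo\AppData\Local\Example\Web Data => moved successfully.
HKLM\SOFTWARE\Wow6432Node\ExampleBar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\ExampleBar => key removed successfully
HKU\S-1-5-21-0-0-0-1001_Classes\TypeLib\{00000000-0000-0000-0000-000000000001} => key not found.
HKU\S-1-5-21-0-0-0-1001\Software\Stubborn => could not remove at first attempt (ErrorCode: C0000121), see next line.

==== End of Fixlog 08:07:03 ====
"""

# Strips a leading directive such as "DeleteKey: "; "C:\..." is untouched
# because its colon is not followed by whitespace.
DIRECTIVE = re.compile(r"^[A-Za-z]+:\s+")


def classify(message):
    """Reduce one result message to a coarse outcome."""
    m = message.lower()
    if "could not" in m:
        return "unresolved"   # first-attempt failure; a later line may override it
    if "successfully" in m:
        return "done"
    if "not found" in m:
        return "absent"       # nothing to remove, so nothing left behind
    return "unknown"


def audit_fixlog(text):
    """Map every fixlist target to its final outcome in the results section."""
    targets, outcome, state = [], {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower() == "start":
                state = "fixlist"
        elif state == "fixlist":
            if line.lower() == "end":
                state = "results"
            elif line:
                targets.append(DIRECTIVE.sub("", line))
        elif " => " in line:
            target, message = line.split(" => ", 1)
            outcome[target] = classify(message)  # the last line for a target wins
    return {t: outcome.get(t, "missing") for t in targets}


def needs_follow_up(text):
    """Targets that were neither removed nor confirmed absent."""
    return sorted(t for t, s in audit_fixlog(text).items() if s not in ("done", "absent"))


if __name__ == "__main__":
    for target in needs_follow_up(SAMPLE_FIXLOG):
        print("check manually:", target)
```
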
 


I have a problem: one of the programs you listed above has blocked my torrent program, as administrator, and will not let me run it. Any ideas?

I solved my problem

If I install another torrent client, the same thing happens.

The error is as follows: your system administrator has blocked this program


This is from CryptoPrevent.

Open the program, go to Advanced => Software Restriction Policy Editor and add the utorrent exe to the whitelist:

KRWWpDD.jpg

Or the alternative, when you install new programs, is to temporarily turn off the program's protection => choose None - Remove all protections => Apply and restart. When you have finished installing the software, just activate it again and choose Apply and restart. It is a bit annoying, but still better than losing your files to an encrypting bug.

This is simply a program for locking down the system after software has been installed, so as to protect you when unknown exe files are started. It does not work with definitions, and because of the way it works it stops quite a lot of infections...but...it cannot itself determine whether given files are infected...it simply forbids dropping files in specific places where it is known they should not be. Of course, there are also legitimate programs that may be dropped in those places, which is why the option to put them on the whitelist is provided.

mtBkCIZ.jpg

The program is based on the Group Policy Editor, which, however, is not available in some editions of Windows (Home, for example). I have set additional rules for myself in Local Security Policy, because in the free version of CryptoPrevent such rules cannot be added manually, and I have moved the %Temp% folders in Windows to another partition using Environment Variables in Windows so as not to wear out my SSD...and so CryptoPrevent simply cannot guard my %temp% folders, and I have protected myself manually as well:

Ukp4MTM.jpg

If you find it difficult, you can remove CryptoPrevent's protections and then uninstall it...it may not be for everyone, but I had to mention it.

Regards! :)
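
A simplified model of the location-based blocking and whitelisting described in this reply, added here as an illustration and not taken from the post or from CryptoPrevent. The rule patterns, the `demo` user, the per-folder meaning of `*` and the "most literal characters wins" precedence are assumptions of the model.

```python
import re

# Assumed environment of a constructed user "demo".
ENV = {
    "%appdata%": r"C:\Users\demo\AppData\Roaming",
    "%localappdata%": r"C:\Users\demo\AppData\Local",
}

# Assumed path rules in the style of a location-based policy (not CryptoPrevent's real set).
RULES = [
    (r"%appdata%\*.exe", "Disallowed"),
    (r"%appdata%\*\*.exe", "Disallowed"),
    (r"%localappdata%\*.exe", "Disallowed"),
    (r"%localappdata%\*\*.exe", "Disallowed"),
]

# A whitelist entry is modelled as an exact-path rule that allows execution.
WHITELIST = [(r"%appdata%\uTorrent\uTorrent.exe", "Unrestricted")]


def expand(pattern):
    """Replace a leading environment variable with its assumed value."""
    low = pattern.lower()
    for var, value in ENV.items():
        if low.startswith(var):
            return value + pattern[len(var):]
    return pattern


def to_regex(pattern):
    """Translate a path rule; in this model '*' and '?' never cross a backslash."""
    parts = []
    for ch in expand(pattern):
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def specificity(pattern):
    """More literal characters means a more specific rule."""
    return sum(ch not in "*?" for ch in expand(pattern))


def decide(path, rules, default="Unrestricted"):
    """Return (level, matching pattern) for the most specific rule that matches."""
    hits = [(specificity(p), level, p) for p, level in rules if to_regex(p).fullmatch(path)]
    if not hits:
        return default, None          # no rule covers this location
    _, level, pattern = max(hits, key=lambda h: h[0])
    return level, pattern


if __name__ == "__main__":
    for exe in (r"C:\Users\demo\AppData\Roaming\uTorrent\uTorrent.exe",
                r"C:\Users\demo\AppData\Roaming\OtherClient\client.exe",
                r"C:\Program Files\App\app.exe"):
        print(exe, "->", decide(exe, RULES + WHITELIST))
```

The model shows why a second client installed under the same profile folder is blocked as well: the decision depends on where the file sits, not on what it is, so each such program needs its own whitelist entry.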
