snuri

Problem with the Mozilla home page being changed (http://www.%snf%.com/) and the caMyciloP.exe virus

Recommended answer


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Admin (administrator) on ADMIN-PC (02-02-2016 22:42:23)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Steve Murphy) C:\Program Files (x86)\AWC\AWC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-26] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\...\Run: [AWC] => "C:\Program Files (x86)\AWC\AWC"
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\...\MountPoints2: {bb533ed7-3166-11e5-ae73-00241dde1117} - G:\Setup.exe
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-26] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BA808B4F-77FA-424B-9353-0195A547446A}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-08-21] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-26] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-26] (AVAST Software)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8m3wpm6x.default
FF SelectedSearchEngine: Yahoo
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-09] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-09] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2015-03-23] (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-08-14]
FF Extension: Speed Dial - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8m3wpm6x.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-13]
FF Extension: Adblock Plus - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8m3wpm6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-26]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-26]
FF HKU\S-1-5-21-231658052-2254068489-1350766131-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-231658052-2254068489-1350766131-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 [2016-02-02] [not signed]
FF HKU\S-1-5-21-231658052-2254068489-1350766131-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-26]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-08-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-26] (AVAST Software)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-26] (AVAST Software)
S3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30264 2015-07-21] (Disc Soft Ltd)
S3 dtultrausbbus; C:\Windows\System32\DRIVERS\dtultrausbbus.sys [47160 2015-07-21] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 oem-drv64; C:\Windows\System32\DRIVERS\oem-drv64.sys [42496 2016-02-02] (secr9tos) [File not signed]
S3 sdfhgdf; C:\Windows\System32\DRIVERS\sdfhgdf.sys [23208 2016-01-26] (Corporation) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [301824 2007-03-18] (Vimicro Corporation)
R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1494656 2007-03-25] (Vimicro Corporation)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 22:42 - 2016-02-02 22:42 - 00012442 _____ C:\Users\Admin\Desktop\FRST.txt
2016-02-02 22:42 - 2016-02-02 22:42 - 00000000 ____D C:\FRST
2016-02-02 22:41 - 2016-02-02 22:41 - 02370560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-02-02 22:38 - 2016-02-02 22:38 - 00414432 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-02 22:31 - 2016-02-02 22:31 - 00108840 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-02 22:28 - 2016-02-02 22:28 - 00001529 _____ C:\Users\Admin\Desktop\ss.txt
2016-01-30 08:47 - 2016-01-30 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-01-30 08:46 - 2016-01-30 08:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-28 18:36 - 2016-01-28 18:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Sun
2016-01-28 18:36 - 2016-01-28 18:36 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
2016-01-27 02:11 - 2016-01-27 02:11 - 00001117 _____ C:\Users\Admin\Desktop\CR2.lnk
2016-01-27 02:11 - 2016-01-27 02:11 - 00001006 _____ C:\Users\Admin\Desktop\Diction.lnk
2016-01-27 02:11 - 2016-01-27 02:11 - 00000979 _____ C:\Users\Admin\Desktop\aida64.lnk
2016-01-26 23:50 - 2016-01-26 23:50 - 00001168 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-26 23:48 - 2016-01-26 23:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-01-26 23:48 - 2016-01-26 23:47 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-26 23:47 - 2016-02-02 21:09 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-26 23:47 - 2016-01-27 10:48 - 00001975 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-26 23:47 - 2016-01-26 23:47 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-26 23:47 - 2016-01-26 23:47 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-26 23:47 - 2016-01-26 23:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-26 23:47 - 2016-01-26 23:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AVAST Software
2016-01-26 23:47 - 2016-01-26 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-26 23:47 - 2016-01-26 23:47 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-26 23:46 - 2016-01-26 23:46 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-26 22:04 - 2016-02-02 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 21:36 - 2016-02-02 22:10 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 21:36 - 2016-01-26 22:08 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 21:36 - 2016-01-26 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 21:36 - 2016-01-26 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 21:36 - 2016-01-26 21:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-26 21:36 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-26 21:36 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-26 21:36 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-26 17:10 - 2016-01-26 17:10 - 00023208 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2016-01-26 17:09 - 2016-01-26 17:09 - 00301799 _____ ( ) C:\Users\Admin\Downloads\EaseUs_Partition_Master_10_8_All_Edition_Reg_Keys_www_licensesnkey_com_rar [1].exe
2016-01-26 16:56 - 2016-01-27 00:42 - 00000000 ____D C:\Program Files\BitTorrent
2016-01-14 17:56 - 2016-01-14 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-08 01:47 - 2016-01-08 01:47 - 00000000 ____D C:\Users\Admin\Documents\Autodata
2016-01-08 01:37 - 2016-01-08 01:37 - 00001436 _____ C:\Users\Public\Desktop\Autodata 3.38.lnk
2016-01-08 01:36 - 2016-01-08 01:47 - 00000000 ____D C:\ADCDA2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-02 22:38 - 2015-03-24 04:14 - 00042496 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv64.sys
2016-02-02 22:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-02 22:33 - 2015-11-08 01:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-02 22:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-02-02 22:17 - 2015-07-04 17:47 - 00000000 ____D C:\Windows\Minidump
2016-02-02 22:17 - 2015-04-09 23:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IDM
2016-02-02 22:17 - 2015-03-23 22:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Notepad++
2016-02-02 22:17 - 2015-03-23 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-02 22:17 - 2015-03-23 18:42 - 00000000 ____D C:\Users\Admin\AppData\Roaming\uTorrent
2016-02-02 22:16 - 2015-05-20 20:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Ashisoft
2016-02-02 22:15 - 2015-03-23 18:24 - 00000000 ____D C:\Users\Admin
2016-02-02 21:48 - 2015-07-01 20:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-02 21:27 - 2015-03-23 23:19 - 00000000 ____D C:\Program Files (x86)\KMPlayer
2016-02-02 21:20 - 2015-03-23 23:29 - 00000000 ____D C:\Users\Admin\AppData\Roaming\AIMP
2016-02-02 21:19 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-02 21:19 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-02 21:16 - 2015-03-23 22:46 - 00000000 ____D C:\Users\Admin\.VirtualBox
2016-02-02 17:08 - 2015-12-13 20:49 - 00000000 ____D C:\Users\Admin\Desktop\Nehrin!
2016-02-01 22:34 - 2015-03-23 18:43 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DMCache
2016-02-01 17:36 - 2015-09-18 22:08 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\uTorrent
2016-01-30 08:47 - 2015-12-06 21:37 - 00000424 _____ C:\Users\Admin\AppData\Local\UserProducts.xml
2016-01-29 23:59 - 2015-04-09 23:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-01-29 09:11 - 2011-01-21 19:27 - 00716530 _____ C:\Windows\system32\perfh019.dat
2016-01-29 09:11 - 2011-01-21 19:27 - 00149512 _____ C:\Windows\system32\perfc019.dat
2016-01-29 09:11 - 2009-07-14 07:13 - 01648470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-28 18:36 - 2015-03-23 18:42 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-01-28 18:36 - 2015-03-23 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-28 18:36 - 2015-03-23 18:41 - 00000000 ____D C:\Program Files\Java
2016-01-26 23:46 - 2015-05-11 19:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-26 21:59 - 2015-03-23 18:44 - 00001070 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-26 21:59 - 2015-03-23 18:24 - 00001440 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-26 17:10 - 2015-03-23 18:24 - 00001620 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-01-14 17:56 - 2015-09-22 04:32 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-14 17:56 - 2015-04-21 16:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-14 17:56 - 2015-04-21 16:09 - 00000000 ____D C:\Users\Admin\AppData\Local\Skype
2016-01-14 17:56 - 2015-04-09 23:27 - 00000000 ____D C:\ProgramData\Skype
2016-01-09 09:41 - 2009-07-14 07:08 - 00032536 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-09 00:26 - 2015-07-01 20:10 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-09 00:26 - 2015-07-01 20:10 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-09 00:26 - 2015-07-01 20:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-08 01:37 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

==================== Files in the root of some directories =======

2015-04-06 00:44 - 2015-04-06 00:44 - 0007605 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2015-07-21 13:09 - 2015-07-21 13:49 - 0828671 ____N () C:\Users\Admin\AppData\Local\Tempmusic.ogg
2015-12-06 21:37 - 2015-12-06 21:37 - 0000003 _____ () C:\Users\Admin\AppData\Local\updater.log
2015-12-06 21:37 - 2016-01-30 08:47 - 0000424 _____ () C:\Users\Admin\AppData\Local\UserProducts.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> "IntegrityChecks" is disabled. <===== ATTENTION


LastRegBack: 2016-01-29 11:49

==================== End of FRST.txt ============================


Hello,

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file fixlog.txt, which will be created after the program has run.

Attention: the script is made for the current system. Do not use it on other systems with similar problems!

After that, restore Mozilla Firefox's default settings via Help => Troubleshooting Information => Refresh Firefox.

Then write back how things are.

Regards!


Thank you for helping me!

I ran the script, it asked for a restart.. after the restart I refreshed Mozilla and all my settings were wiped (Adblock, IDM, etc.), BUT the home page stayed the same

Quote

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Admin (2016-02-04 00:02:13) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Qzamobl11652,74c5f437-a28c-4779-ab70-e3bf00365835,
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G1Qzamobl11652,74c5f437-a28c-4779-ab70-e3bf00365835,
Hosts:
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Shortcut argument removed successfully.
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument restored successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 175.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:03:14 ====

 


I found a solution...

An extra %SNF% had been added to the Mozilla shortcut

Quote

After a lot of digging, I found that the solution to this problem is fairly simple. Just check the shortcut to your firefox browser - it should read something like "C:\Program Files(x86)\Mozilla Firefox\firefox.exe" %SNF% when you open its properties. Just remove the trailing %SNF%, and save the shortcut - your problem will get fixed.

 


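The check this post and the earlier fixlog are circling around, as an added example that is not from the thread or from FRST: a PowerShell audit of launcher shortcuts that flags any browser shortcut carrying command-line arguments, which is what the trailing %SNF% on the Firefox shortcut was and what FRST's ShortcutWithArgument lines reported for the Internet Explorer shortcuts. It assumes PowerShell 3 or later, the shortcut folders listed in the script, and the constructed list of browser executable names.

```powershell
# Added example, not from the thread or from FRST: audit launcher shortcuts for
# browser targets that carry command-line arguments. A clean browser shortcut has
# an empty Arguments field; a hijacked one carries a URL or a token such as %SNF%.
# Assumptions: PowerShell 3+, the folder list below, the constructed browser list.

$BrowserExes = @('firefox.exe', 'chrome.exe', 'iexplore.exe', 'opera.exe', 'msedge.exe')

function Get-ShortcutFolder {
    # Per-user and all-users Desktop, Start Menu and Quick Launch (assumed locations).
    $candidates = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    )
    $candidates | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
}

function Find-BrowserShortcutWithArgument {
    [CmdletBinding()]
    param(
        [string[]]$Folder = (Get-ShortcutFolder),
        [switch]$Fix   # strip the arguments instead of only reporting them
    )
    $wsh = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Folder -Filter '*.lnk' -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # WScript.Shell resolves the .lnk into TargetPath / Arguments for us.
            $lnk = $wsh.CreateShortcut($_.FullName)
            $exe = [IO.Path]::GetFileName($lnk.TargetPath).ToLowerInvariant()
            $argText = $lnk.Arguments.Trim()
            if (($BrowserExes -contains $exe) -and ($argText -ne '')) {
                $finding = [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $argText
                    Fixed     = $false
                }
                if ($Fix) {
                    # Keep an untouched copy beside the shortcut before rewriting it.
                    Copy-Item -LiteralPath $_.FullName -Destination ($_.FullName + '.bak') -Force
                    $lnk.Arguments = ''
                    $lnk.Save()
                    $finding.Fixed = $true
                }
                $finding
            }
        }
}

# Report only. Review the list first (a profile or -private-window switch the user
# set deliberately shows up too), then rerun with -Fix to strip what does not belong.
Find-BrowserShortcutWithArgument | Format-Table -AutoSize
```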

Overall the logs are clean. We cleaned up some very minor things. It didn't occur to me to look for a problem with the Mozilla shortcut, because FRST usually catches those, and I saw no problem with the Mozilla shortcut in the log file. I will report this. We would have caught it anyway, because even without being updated FRST is able to check program shortcuts if the corresponding box is ticked before pressing the Scan button.

Thank you for sharing the solution you found anyway. If you have no more questions I will mark the case as closed, since no active infections are visible in any case. I think it is fair for it to be closed rather than solved, because you solved it yourself. ;)

Regards and have a nice day!


I have a lot of files in the MBAM quarantine; what should I do with them?


MBAM always finds something...

Malwarebytes Anti-Malware
www.malwarebytes.org

Дата на сканиране: 4.2.2016 г.
Час на сканиране: 20:11 ч.
Дневник: saa.txt
Администратор: Да

Версия: 2.2.0.1024
База от данни за злонамерен софтуер: v2016.02.04.04
База от данни за рууткити: v2016.01.20.01
Лиценз: Premium
Защита от злонамерен софтуер: Разрешено
Защита от злонамерени страници: Разрешено
Самозащита: Забранено

ОС: Windows 7 Service Pack 1
Процесор: x64
Файлова система: NTFS
Потребител: Admin

Тип сканиране: Сканиране за заплахи
Резултат: Завършено
Сканиране обекти: 333208
Изминало време: 12 мин. 30 сек.

Памет: Разрешено
Начално стартиране: Разрешено
Файлова система: Разрешено
Архиви: Разрешено
Рууткити: Забранено
Евристика: Разрешено
ПНП: Разрешено
ПНИ: Разрешено

Процеси: 0
(Не бяха открити злонамерени обекти)

Модули: 0
(Не бяха открити злонамерени обекти)

Ключове в системния регистър: 1
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtAirtostrong, , [bdf7015bb4e563d3a44452fc857f669a],

Стойности в системния регистър: 0
(Не бяха открити злонамерени обекти)

Данни в системния регистър: 0
(Не бяха открити злонамерени обекти)

Папки: 0
(Не бяха открити злонамерени обекти)

Файлове: 0
(Не бяха открити злонамерени обекти)

Физически сектори: 0
(Не бяха открити злонамерени обекти)


(end)


You can delete them. What I see it detecting are leftovers in the registry, but I saw that you had scanned with quite a few tools from our arsenal, which is why I didn't take a more aggressive approach. In that case, let's do some more checks.

 

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • When the check finishes, press the Clean button.
  • The program will close all unnecessary processes and after cleaning will want to restart the machine. Agree.
  • A log file named (AdwCleaner[C0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.

STEP 2

Please download Junkware Removal Tool to your desktop.

  • Temporarily stop your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unnecessary applications and all browsers and wait for the check to finish.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

STEP 3

Do a new scan with FRST, ticking the box in front of Addition.txt before pressing the SCAN button, and then attach the new results.

That's all for now! :)

Regards!

Quote

# AdwCleaner v5.032 - Logfile created 04/02/2016 at 22:29:02
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Admin - ADMIN-PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\drivers\sdfhgdf.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [737 bytes] ##########

 

Quote:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64
Ran by Admin (Administrator) on четв 04.02.2016 г. at 22:31:38,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 4

Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZZ3UP5P (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECTZ4EYC (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3AT8ZM0 (Folder)
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TG3RPT8F (Folder)

Deleted the following from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\prefs.js
user_pref(browser.urlbar.suggest.searches, true);

 

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\sdfhgdf (Registry Key)

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on четв 04.02.2016 г. at 22:33:21,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Addition.txt

FRST.txt


STEP 1

Please download ZHPcleaner and save it to your desktop.

  • Run ZHPCleaner by right-clicking the file and choosing "Run as administrator" from the context menu
  • Click the button shown to accept the license agreement.
  • Click the scan button.
  • The browsers will be closed automatically.
  • A log file will open when the scan finishes.
  • Post the log file in your next reply.

STEP 2

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-2.1.8.1057.exe and follow the prompts to install the program.
  • When the installation finishes, make sure you have ticked:
  • Launch Malwarebytes Anti-Malware
  • The box enabling the 14-day trial is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, untick it, i.e. remove the first tick:

  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the Threat Scan radio button and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A malware scan will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Let the computer restart and then continue with the remaining instructions.
  • When the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, once the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.

  • Open the report with the latest date and time and press the "Copy to Clipboard" button
  • Now paste the contents of the log file with Ctrl + V and post them in your next reply.

STEP 3

1. Download Hitman Pro.

For a 32-bit system: use the 32-bit download.
For a 64-bit system: use the 64-bit download.

2. Run the program.
3. After you have started the program by clicking its icon, press the "Next" button, accepting the license agreement (EULA).

4. Tick "No, I only want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. When the scan finishes, from the list of found items (if any) choose Apply to all => Ignore.

8. Press "Next", then press "Export results to XML file" and save the log file to the desktop.

9. Archive the file and attach it in your next reply, or copy its contents into your next reply.

Note: If there is no drop-down menu where you can choose Ignore, as in the picture:

then simply close the program when the scan finishes (without removing anything)... then open C:\Programdata\HitmanPro\Logs, open the log file and post its contents in your next reply.

Note: The C:\ProgramData folder is hidden, so you need to make hidden files visible as follows:

From My Computer => Tools => Folder Options => View:

Tick "Show hidden files, folders and drives"

and untick "Hide protected operating system files (recommended)".

Press Apply.

Now look for the log file in the C:\Programdata\HitmanPro\Logs folder and attach it in your next reply. :)

STEP 4

  • Please download EmsisoftEmergencyKit, run the exe file and choose where the program should be extracted, for example (C:\EEK), by pressing the Extract button.
  • Run the Start Emsisoft Emergency Kit icon from the desktop to launch the application.
  • Press the "Yes" button when prompted to update the program's definitions.

  • When the definitions update finishes, press the "Scan" button.
  • Press the "Yes" button when asked whether the program should enable detection of Potentially Unwanted Applications.
  • Now select the Custom Scan button. Remove all partitions from the list except C:\ (i.e. leave only drive C:\ in the list).
  • Press Next to start the scan.
  • When the scan finishes, press the View Report button.
  • Copy the contents of the log file into your next reply.

STEP 5

Download Security Check by screen317 from this link and save it to your desktop.

Double-click SecurityCheck.exe and follow the instructions.

At the end, a text document named checkup.txt will open automatically; please paste its contents into your next reply in this thread.

Regards! ;)

Quote:

~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by Admin (Administrator)  (05/02/2016 09:44:12)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Admin\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Admin\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
FOUND: [sxa9qvkg.default-1454539091216] - user_pref("extensions.WanderBurst.cg", "45bb6527-aabb-4bf3-8178-3ced724244d3");  =>PUP.Optional.WanderBurst


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (4)
FOUND file: C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [Copyright 2009 - Starter Module]  =>PUP.Optional.Skillbrains
FOUND folder: C:\Program Files (x86)\Skillbrains\lightshot  =>PUP.Optional.Skillbrains
FOUND folder: C:\Program Files (x86)\Skillbrains\Updater  =>PUP.Optional.Skillbrains
FOUND folder: C:\Program Files (x86)\Skillbrains  =>PUP.Optional.Skillbrains


---\\  Registry ( Key, Value, Data) (8)
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Favorite-Games_is1 [Favorite-Games Sounds]  =>Adware.Favorit
FOUND value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe]  =>PUP.Optional.Skillbrains
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe]  =>PUP.Optional.Skillbrains
FOUND key: HKEY_USERS\S-1-5-21-231658052-2254068489-1350766131-1001\SOFTWARE\SkillBrains []  =>PUP.Optional.Skillbrains
FOUND key: HKCU\Software\SkillBrains []  =>PUP.Optional.Skillbrains
FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains []  =>PUP.Optional.Skillbrains
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>PUP.Optional.Skillbrains


---\\  Summary of the elements found (4)
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.WanderBurst
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Skillbrains
http://www.nicolascoolman.fr/?p=4664 =>Adware.Favorit
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.caMycilo


---\\ Result of repair
~ Any repair made
~ Browser not found (Google Chrome)


---\\ Statistics
~ Items scanned : 71373
~ Items found : 16
~ Items cancelled : 0
~ Items repaired : 0


~ End of search in 00h06mn10s
===================
ZHPCleaner--05022016-09_50_22.txt

 

 

Quote:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5.2.2016 г.
Scan Time: 09:56 ч.
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.05.01
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334401
Time Elapsed: 19 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Quote:

 


			HitmanPro 3.7.12.253

			www.hitmanpro.com
		

		

   Computer name . . . . : ADMIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Admin-PC\Admin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-02-05 10:19:04
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 22

   Objects scanned . . . : 1 073 659
   Files scanned . . . . : 22 059
   Remnants scanned  . . : 180 320 files / 871 280 keys

Suspicious files ____________________________________________________________

   C:\Users\Admin\Desktop\FRST64.exe
      Size . . . . . . . : 2 370 560 bytes
      Age  . . . . . . . : 0.5 days (2016-02-04 22:26:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 329DE119D3FD38387AA31C04A3C649587B579C89467D26DA5BA601346994BB87
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Admin\Desktop\FRST64.exe
      Forensic Cluster
         -0.3s C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\FRST64_444\
          0.0s C:\Users\Admin\Desktop\FRST64.exe

   C:\Windows\SysWOW64\d3dx9_34.dll
      Size . . . . . . . : 3 497 832 bytes
      Age  . . . . . . . : 312.6 days (2015-03-29 18:59:26)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 782B8870200F40C92609117746320B2B825987AFCF764CE3C3D2FA21CD4F4FE6
      Product  . . . . . : Microsoft® DirectX for Windows®
      Publisher  . . . . : Microsoft Corporation
      Description
      Version  . . . . . : 9.19.949.0046
      Copyright  . . . . : Copyright © Microsoft Corp. 1994-2007
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\Interface\{383C4480-BBA7-4B1C-B57D-95CB0F8540AA}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}\ (WanderBurst)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}\ (WanderBurst)
   HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QSqlDriverFactoryInterface:\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)
   HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\Mobogenie\ (Rocketfuel)

Cookies _____________________________________________________________________

   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:addthis.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:adnxs.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:ctnsnet.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:doubleclick.net
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:in.getclicky.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:krxd.net
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:pagefair.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:scorecardresearch.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:taboola.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:trc.taboola.com
   C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxa9qvkg.default-1454539091216\cookies.sqlite:yadro.ru

 

 

 

Quote:

 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java version 32-bit out of Date!
 Adobe Flash Player 20.0.0.267  
 Mozilla Firefox (44.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

 

Quote:

Emsisoft Emergency Kit - Version 11.0
Last update: 5.2.2016 г. 10:34:06
User account: Admin-PC\Admin

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    5.2.2016 г. 10:34:54
C:\Program Files (x86)\Internet Download Manager\idm.6.19.9.3-patch.exe     detected: Trojan.Generic.11910641 (B)

Scanned    185666
Found    1

Scan end:    5.2.2016 г. 11:11:55
Scan time:    0:37:01

C:\Program Files (x86)\Internet Download Manager\idm.6.19.9.3-patch.exe     Trojan.Generic.11910641 (B)

Quarantined    1

 

 


Hello,

We are almost done.

STEP 1

Run a new scan with ZHPCleaner and, when it finishes, this time press the Repair button.

When the list of items found for cleaning opens, go through the categories => File => untick everything and press the Validate button.

Now go to Folder => again untick everything and press Validate.

Now go to Registry and untick everything except the entry related to PUP.Optional.caMycilo and press Validate.

Now press the Repair button. When it finishes, press the Report button, save the file to the desktop and post it in your next reply.

STEP 2

Download fixlist.txt and save it to the desktop.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Then write back on how things are. ;)

Regards!


I didn't quite manage step 1..

I don't have Registry (I assume you meant Key)

I left the tick on caMycilo.exe. Here is the log.

Quote:

~ ZHPCleaner v2016.2.4.22 by Nicolas Coolman (2016/02/04)
~ Run by Admin (Administrator)  (05/02/2016 21:44:16)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Admin\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Admin\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED: [sxa9qvkg.default-1454539091216] - user_pref("extensions.WanderBurst.cg", "45bb6527-aabb-4bf3-8178-3ced724244d3");  =>PUP.Optional.WanderBurst


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (2)
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caMyciloP.exe []  =>PUP.Optional.caMycilo
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe]  =>PUP.Optional.Skillbrains


---\\  Summary of the elements found (3)
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.WanderBurst
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.caMycilo
http://www.nicolascoolman.fr/?p=4664 =>PUP.Optional.Skillbrains


---\\  Other deletions. (14)
~ Registry Keys Tracing deleted (14)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)


---\\ Statistics
~ Items scanned : 3822
~ Items found : 0
~ Items cancelled : 8
~ Items repaired : 3


~ End of clean in 00h01mn15s
===================
ZHPCleaner-[R]-05022016-21_45_31.txt
ZHPCleaner--05022016-21_40_31.txt

 

 

Quote:

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Admin (2016-02-05 21:55:50) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}
DeleteKey: HKLM\SOFTWARE\Classes\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{383C4480-BBA7-4B1C-B57D-95CB0F8540AA}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d45929a2-951f-4eb4-91be-79125af755f0}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8}
DeleteKey: HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Classes\AppID\{d45929a2-951f-4eb4-91be-79125af755f0} => key removed successfully
HKLM\SOFTWARE\Classes\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8} => key removed successfully
HKLM\SOFTWARE\Classes\Interface\{383C4480-BBA7-4B1C-B57D-95CB0F8540AA} => key removed successfully
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{d45929a2-951f-4eb4-91be-79125af755f0} => key not found.
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{ea2a7a62-0df5-4a16-af66-adad032f76c8} => key not found.
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKU\S-1-5-21-231658052-2254068489-1350766131-1001\Software\Trolltech => key removed successfully


The system needed a reboot.

==== End of Fixlog 21:56:08 ====

 


You managed, but you also deleted something you should not have:

Quote:

DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Lightshot [C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe]  =>PUP.Optional.Skillbrains

To restore it, type CMD.exe into the Windows search box => right-click the file and choose Run as administrator

Copy the following command, paste it into CMD with a right-click and Paste, and press Enter after it:

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v Lightshot /t REG_SZ /d "C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe" /f

It should report that the command completed successfully.

Finally, write back on how things are! ;)

Regards!


I added the key.

I think that is it for now.

Thanks for the help!

The topic should probably be changed to SOLVED...


Actually, I will leave it as it is, because you solved the main problem yourself. I only checked and removed the leftovers. It does not matter much. Apart from the statistics on the number of solved and unsolved cases (unsolved because the user declined to continue, because of the complexity of the problem, a topic not related to malicious activity, etc.), the tag also serves as a hint as to which cases are closed and which are still being worked on and awaiting some development. ;)

Just one last log. Run FRST, tick Shortcut.txt and press the SCAN button. Attach the Shortcut.txt log file in your next reply. I want to see whether an infected shortcut from %snf% is still left. If there is, I want to see the parameters used, because the nasty thing uses an Environment Variable and that is how it slipped past FRST. That would help get it added to FRST's database so it is detected automatically in future without having to search through all the shortcuts in Shortcut.txt.

Regards!

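The evasion described in the reply above, a browser shortcut whose URL argument is assembled from an environment variable so that a literal string match never sees the final domain, can be reproduced as a small audit. The following is an added example, not code from this thread or from FRST: it parses lines in the shape FRST writes to Shortcut.txt (the `Shortcut:` / `ShortcutWithArgument:` layout is an assumption here), expands `%NAME%` references the way Windows' ExpandEnvironmentStrings does (case-insensitive, undefined names left literal), and flags browser shortcuts launched with a URL. The sample lines and the value given to `%snf%` are constructed; the thread never shows what the variable resolved to on the affected machine.

```python
"""Audit FRST-style Shortcut.txt lines for browser shortcuts whose arguments
inject a start page, including URLs assembled from %ENV% references.
Added example: the line layout and all sample data below are assumptions."""
import re
from dataclasses import dataclass, field

# %NAME% as Windows writes an environment-variable reference
ENV_REF_RE = re.compile(r"%([^%\s]+)%")
# FRST appends the publisher in parentheses after the shortcut target (assumed layout)
PUBLISHER_RE = re.compile(r"^(?P<target>.*) \((?P<publisher>[^()]*)\)$")
# FRST logs defang http as hxxp, so accept both spellings
URL_RE = re.compile(r"(?i)\b(?:hxxps?|https?)://")
BROWSER_EXES = {"firefox.exe", "chrome.exe", "iexplore.exe", "opera.exe"}

# Constructed sample in the assumed Shortcut.txt layout (not the victim's real log)
SAMPLE_SHORTCUT_TXT = r"""
Shortcut: C:\Users\Admin\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> http://www.%snf%.com/
ShortcutWithArgument: C:\Users\Admin\Desktop\Lightshot.lnk -> C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (Skillbrains) -> /minimized
"""
# Constructed placeholder: the thread never shows what %snf% resolved to
SAMPLE_ENV = {"snf": "hijacked-startpage"}


@dataclass
class Finding:
    lnk: str
    target: str
    literal_args: str
    expanded_args: str
    env_refs: dict = field(default_factory=dict)  # name -> value, or None if undefined
    reasons: list = field(default_factory=list)


def expand_env(text, env):
    """Mimic ExpandEnvironmentStrings: names are case-insensitive and an
    undefined %NAME% is left exactly as written rather than blanked."""
    lookup = {k.lower(): v for k, v in env.items()}
    return ENV_REF_RE.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), text)


def indicator_hit(text, indicators):
    """Plain substring match on the log text, the kind of check %snf% defeats."""
    return any(ind.lower() in text.lower() for ind in indicators)


def parse_line(line):
    """Return (lnk, target, args) for a Shortcut line, else None."""
    if not line.startswith(("Shortcut: ", "ShortcutWithArgument: ")):
        return None
    parts = line.split(": ", 1)[1].split(" -> ")
    if len(parts) < 2:
        return None
    m = PUBLISHER_RE.match(parts[1])
    target = m.group("target") if m else parts[1]
    return parts[0], target, " -> ".join(parts[2:])


def scan(lines, env):
    """Flag browser shortcuts that carry arguments; report both the literal
    argument string and what the browser would actually receive at launch."""
    lookup = {k.lower(): v for k, v in env.items()}
    findings = []
    for line in lines:
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        lnk, target, args = parsed
        exe = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if not args or exe not in BROWSER_EXES:
            continue
        refs = {name: lookup.get(name.lower()) for name in ENV_REF_RE.findall(args)}
        f = Finding(lnk, target, args, expand_env(args, env), refs)
        if URL_RE.search(args) or URL_RE.search(f.expanded_args):
            f.reasons.append("browser is launched with a URL argument (start-page hijack)")
        if refs:
            f.reasons.append("argument is assembled from environment variable(s): "
                             + ", ".join(f"%{n}%={v!r}" for n, v in refs.items()))
        if not f.reasons:
            f.reasons.append("non-default argument on a browser shortcut, review manually")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SHORTCUT_TXT.splitlines(), SAMPLE_ENV):
        print(f.lnk)
        print("  literal :", f.literal_args)
        print("  expanded:", f.expanded_args)
        for r in f.reasons:
            print("  -", r)
```

Against a real Shortcut.txt, pass the file's lines together with the environment of the affected user's session rather than `SAMPLE_ENV`, since the variable that completes the URL lives there and not in the log. The two `indicator_hit` calls in the test illustrate the point of the reply: the hijacked domain is invisible in the literal argument and only appears after expansion, which is why a scanner matching the raw shortcut text misses it while flagging any browser shortcut that carries a URL or a `%NAME%` reference does not.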
9 minutes ago, B-boy/StyLe/ wrote: [the previous reply, quoted in full]

Here you go.

Just to mention that when I started Mozilla another page was opening (but I can't remember which..). So everything had been changed: the start page, the home page, the search engine. Apparently after scanning with the many programs I deleted something.. and only part of the address remained. There was an added line not only on the desktop icon but also on the taskbar icon. I had to delete the icon from the taskbar and add it again. If that is of any help

Shortcut.txt


Well, actually it would have been more helpful to have the infected one so I could see its parameter, but now everything looks fine. Never mind, next time. ;)




      BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-22] (Sun Microsystems, Inc.)
      DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://dl-ak.solidworks.com/nonsecure/edrawings/e2012sp02/12.2.0.110/cab//eModelsStandard.cab
      DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
      DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
      FireFox:
      ========
      FF DefaultProfile: 07ckpc18.default-1412315343695
      FF ProfilePath: C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695 [2017-11-30]
      FF Extension: (YouTube Video and Audio Downloader) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-22] [Lagacy]
      FF Extension: (Google Search by Image) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\google@hitachi.com.xpi [2016-05-03] [Lagacy]
      FF Extension: (signTextJS) - C:\Documents and Settings\pc.PC1\Application Data\Mozilla\Firefox\Profiles\07ckpc18.default-1412315343695\Extensions\jid1-AXn9cXcB4fD1QQ@jetpack.xpi [2017-06-15] [Lagacy]
      FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
      FF Extension: (Java Quick Starter) - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-06-22] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-27] [Lagacy] [not signed]
      FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
      FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Lagacy] [not signed]
      FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-09-04] ()
      FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
      Chrome:
      =======
      CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
      ==================== Services (Whitelisted) ====================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [282536 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5954792 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-10-31] (AVG Technologies CZ, s.r.o.)
      R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [247712 2012-07-25] (HP)
      S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-22] (Sun Microsystems, Inc.)
      S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
      S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft) [File not signed]
      R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
      S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
      S2 HP LaserJet Service; "C:\Program Files\hp\HPLaserJetService\HPLaserJetService.exe" [X]
      S0 MBAMService; no ImagePath
      ===================== Drivers (Whitelisted) ======================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [20624 2012-10-31] (AVAST Software)
      R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [149592 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiskx.sys [135872 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [249232 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [151024 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [270344 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [43992 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35264 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [117368 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [63280 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [775552 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [381184 2017-11-16] (AVG Technologies CZ, s.r.o.)
      R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [290776 2017-11-16] (AVG Technologies CZ, s.r.o.)
      S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
      S3 dg_ssudbus; C:\WINDOWS\System32\DRIVERS\ssudbus.sys [107648 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 HP1210FAX; C:\WINDOWS\System32\Drivers\HPM1210FAX.sys [13824 2010-04-28] () [File not signed]
      R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
      R3 m4cxw2k3; C:\WINDOWS\System32\DRIVERS\m4cxw2k3.sys [250752 2007-02-15] (D-Link Corporation)
      S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
      S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
      S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2009-08-03] (VSO Software) [File not signed]
      R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
      S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
      S0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [721904 2009-07-13] (Duplex Secure Ltd.)
      S3 ssudmdm; C:\WINDOWS\System32\DRIVERS\ssudmdm.sys [146048 2016-07-22] (Samsung Electronics Co., Ltd.)
      S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
      S2 adfs; no ImagePath
      S3 BOCDRIVE; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys [X]
      S2 DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [X]
      S3 FXDrv32; \??\D:\FXDrv32.sys [X]
      S4 IntelIde; no ImagePath
      ==================== NetSvcs (Whitelisted) ===================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2017-11-30 14:23 - 000012709 _____ C:\Documents and Settings\pc.PC1\Desktop\FRST.txt
      2017-11-30 14:22 - 2017-11-30 14:23 - 000000000 ____D C:\FRST
      2017-11-30 14:22 - 2017-11-30 14:22 - 001752064 _____ (Farbar) C:\Documents and Settings\pc.PC1\Desktop\FRST.exe
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Program Files\Quester
      2017-11-24 14:34 - 2017-11-24 14:34 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QMailFilter
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\CEF
      2017-11-24 14:32 - 2017-11-24 14:32 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Application Data\AVG
      2017-11-24 14:31 - 2017-11-24 14:31 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Application Data\Avg
      2017-11-24 14:21 - 2017-11-24 14:21 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PCHealth
      2017-11-20 12:24 - 2017-11-20 12:40 - 000065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\pc.PC1\Doctor Web
      2017-11-20 12:24 - 2017-11-20 12:24 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Doctor Web
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\My Documents\Untitled.pdf
      2017-11-16 14:45 - 2017-11-16 14:45 - 000087203 _____ C:\Documents and Settings\pc.PC1\Desktop\Untitled.pdf
      2017-11-16 13:03 - 2017-11-16 13:05 - 000000000 ____D C:\EEK
      2017-11-16 13:02 - 2017-11-16 13:02 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Temp
      2017-11-16 10:11 - 2017-11-16 10:11 - 000001608 _____ C:\Documents and Settings\All Users\Desktop\AVG AntiVirus FREE.lnk
      2017-11-16 10:11 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\AVG
      2017-11-16 10:10 - 2017-11-30 10:10 - 000000288 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
      2017-11-16 10:10 - 2017-11-16 10:10 - 000775552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000381184 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000306448 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
      2017-11-16 10:10 - 2017-11-16 10:10 - 000290776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000149592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
      2017-11-16 10:10 - 2017-11-16 10:10 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
      2017-11-16 10:08 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
      2017-11-16 10:08 - 2017-11-16 10:08 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
      2017-11-16 10:06 - 2017-11-30 11:06 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
      2017-11-16 10:06 - 2017-11-16 10:08 - 000000000 ____D C:\Program Files\AVG
      2017-11-16 09:51 - 2017-11-16 09:51 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\CEF
      2017-11-16 09:50 - 2017-11-16 11:23 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:11 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\Avg
      2017-11-16 09:50 - 2017-11-16 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\AvgSetupLog
      ==================== One Month Modified files and folders ========
      (If an entry is included in the fixlist, the file/folder will be moved.)
      2017-11-30 14:23 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Temp
      2017-11-30 14:20 - 2015-08-03 07:23 - 000271360 _____ C:\Documents and Settings\pc.PC1\My Documents\Outlook_Archive.pst
      2017-11-30 14:16 - 2016-12-27 11:00 - 000000000 ____D C:\2017
      2017-11-30 10:49 - 2014-01-15 10:08 - 000000000 ____D C:\Documents and Settings\pc.PC1\Local Settings\Application Data\gtk-2.0
      2017-11-30 10:49 - 2013-08-02 12:55 - 000000000 ____D C:\Documents and Settings\pc.PC1\.gimp-2.8
      2017-11-30 07:55 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\ViberPC
      2017-11-30 07:52 - 2014-03-28 08:20 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
      2017-11-30 07:52 - 2008-09-12 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
      2017-11-30 07:52 - 2008-04-14 14:00 - 000011936 _____ C:\WINDOWS\system32\wpa.dbl
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000178 ___SH C:\Documents and Settings\pc.PC1\ntuser.ini
      2017-11-29 16:54 - 2013-08-02 12:50 - 000000000 ____D C:\Documents and Settings\pc.PC1
      2017-11-29 16:54 - 2008-09-12 18:28 - 000032520 _____ C:\WINDOWS\SchedLgU.Txt
      2017-11-28 11:37 - 2011-12-19 11:25 - 000000000 ____D C:\Program Files\The KMPlayer
      2017-11-24 14:40 - 2013-08-02 13:09 - 000211496 _____ C:\Documents and Settings\pc.PC1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2017-11-24 14:37 - 2013-11-01 13:09 - 000000178 ___SH C:\Documents and Settings\Administrator.PC1\ntuser.ini
      2017-11-24 14:36 - 2010-03-25 10:10 - 000979370 _____ C:\WINDOWS\ntbtlog.txt
      2017-11-24 14:35 - 2013-11-01 13:09 - 000000000 ____D C:\Documents and Settings\Administrator.PC1\Local Settings\Temp
      2017-11-24 14:28 - 2008-09-12 21:12 - 002469912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
      2017-11-24 14:25 - 2013-08-02 14:23 - 000065536 _____ C:\WINDOWS\system32\config\ODiag.evt
      2017-11-24 14:15 - 2008-09-13 10:13 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2017-11-24 14:12 - 2008-04-14 14:00 - 000000668 _____ C:\WINDOWS\win.ini
      2017-11-24 11:47 - 2016-08-12 14:25 - 000000000 ____D C:\Documents and Settings\pc.PC1\My Documents\ViberDownloads
      2017-11-22 16:05 - 2013-12-11 14:52 - 000000000 ____D C:\2014
      2017-11-22 16:04 - 2010-12-03 14:28 - 000000000 ____D C:\2011
      2017-11-22 16:03 - 2011-12-09 14:39 - 000000000 ____D C:\2012
      2017-11-22 15:40 - 2013-08-02 13:28 - 000002515 _____ C:\Documents and Settings\pc.PC1\Desktop\Microsoft Office Word 2007.lnk
      2017-11-22 14:28 - 2014-12-29 16:42 - 000000000 ____D C:\2015
      2017-11-22 14:25 - 2015-12-23 11:32 - 000000000 ____D C:\2016
      2017-11-16 10:55 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\istartsurf
      2017-11-16 10:48 - 2012-12-20 13:57 - 000000000 ____D C:\2013
      2017-11-16 10:38 - 2014-10-02 15:34 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\IePluginServices
      2017-11-16 09:28 - 2010-09-30 15:57 - 000000000 ____D C:\Program Files\ough
      2017-11-16 09:01 - 2013-09-23 15:54 - 002755382 ___SH C:\Documents and Settings\pc.PC1\Desktop\Thumbs.db
      2017-11-10 13:23 - 2013-08-02 13:49 - 000000000 ____D C:\Documents and Settings\pc.PC1\Application Data\Skype
      2017-11-08 15:00 - 2014-03-28 08:20 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
      ==================== Files in the root of some directories =======
      2015-08-17 11:04 - 2015-08-17 11:08 - 000304492 _____ (AYURvmkth8) C:\Documents and Settings\pc.PC1\Application Data\adobe.exe
      2013-10-07 13:55 - 2014-04-09 12:28 - 000000531 _____ () C:\Documents and Settings\pc.PC1\Application Data\burnaware.ini
      2013-08-02 13:31 - 2017-08-18 12:25 - 000036352 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2014-02-27 17:15 - 2014-02-28 09:48 - 000000600 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\PUTTY.RND
      2017-11-30 10:49 - 2017-11-30 10:49 - 000025377 _____ () C:\Documents and Settings\pc.PC1\Local Settings\Application Data\recently-used.xbel
      2011-03-11 09:28 - 2011-03-11 09:28 - 000000016 _____ () C:\Documents and Settings\All Users\Application Data\.7486160831680234
      2008-10-31 09:19 - 2008-10-31 09:19 - 000000041 ___SH () C:\Documents and Settings\All Users\Application Data\.zreglib
      2008-09-13 13:47 - 2016-04-26 08:08 - 000001669 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
      2014-08-15 11:57 - 2010-03-30 10:12 - 000024772 _____ () C:\Documents and Settings\All Users\Application Data\P1210DEF.css
      2014-08-15 11:57 - 2016-01-22 14:22 - 000015499 _____ () C:\Documents and Settings\All Users\Application Data\P1210OS.HTM
      2014-08-15 11:57 - 2010-03-30 10:12 - 000002944 _____ () C:\Documents and Settings\All Users\Application Data\P1210SIG.GIF
      Some files in TEMP:
      ====================
      2017-10-13 09:08 - 2011-12-29 11:44 - 001275396 _____ (NCH Software) C:\Documents and Settings\pc.PC1\Local Settings\Temp\uninst.exe
      ==================== Bamital & volsnap ======================
      (There is no automatic fix for files that do not pass verification.)
      C:\WINDOWS\explorer.exe => File is digitally signed
      C:\WINDOWS\system32\winlogon.exe => File is digitally signed
      C:\WINDOWS\system32\svchost.exe => File is digitally signed
      C:\WINDOWS\system32\services.exe => File is digitally signed
      C:\WINDOWS\system32\User32.dll => File is digitally signed
      C:\WINDOWS\system32\userinit.exe => File is digitally signed
      C:\WINDOWS\system32\rpcss.dll => File is digitally signed
      C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
      C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
      ==================== End of FRST.txt ============================
      Addition.txt
    • by Gufy
      Are the files encrypted by this nasty thing johndoe@weekendwarrior55.com? Video, photos, Word, PDF, almost all files are affected.
      I ask the moderators to remove the duplicate topic I posted. Because of an internet problem I accidentally posted two.
    • by petttto
      Hello, I created a topic
      https://www.kaldata.com/forums/topic/265104-троянец-в-папка-cache-на-google-chrome/
      but I was told to create one here as well.
      To quickly repeat myself: the Windows Defender antivirus detects Brocoiner in Chrome's Cache folder. I delete it, and then I delete all the other files in the folder as well. But after a while it detects it there again, and I think it comes from a site I visit regularly. Is there any way to find out which file in Google Chrome's Cache folder was created by which site?
    • by qqrr
      Hello. For a few days my computer has been freezing while I work; it only unfreezes when I open Task Manager. Everything runs normally, but after a few minutes it freezes again. I'm on Windows 8.1. I install Malwarebytes, but it won't let me start it. I'm hoping for help determining whether the problem is a virus or a hardware problem.
      Addition.txt
      FRST.txt
    • by ForzaInter1908
      Good evening!

      I was messing around with some unsafe programs for GTA and I think I've caught a virus; it constantly loads and loads and freezes when opening a folder.
      Could we check the registry to see whether there is anything there, because I have many important programs.
      Thank you!

      f.txt
      HitmanPro_20171016_2331.log
      AdwCleaner[S0].txt